Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-45338 (GCVE-0-2024-45338)
Vulnerability from cvelistv5 – Published: 2024-12-18 20:38 – Updated: 2025-02-21 18:03| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/net | golang.org/x/net/html |
Affected:
0 , < 0.33.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T19:51:42.228627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T19:55:04.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-21T18:03:32.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250221-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/html",
"product": "golang.org/x/net/html",
"programRoutines": [
{
"name": "parseDoctype"
},
{
"name": "htmlIntegrationPoint"
},
{
"name": "inTableIM"
},
{
"name": "inBodyIM"
},
{
"name": "Parse"
},
{
"name": "ParseFragment"
},
{
"name": "ParseFragmentWithOptions"
},
{
"name": "ParseWithOptions"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.33.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Guido Vranken"
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T20:38:22.660Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/637536"
},
{
"url": "https://go.dev/issue/70906"
},
{
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"title": "Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2024-45338",
"datePublished": "2024-12-18T20:38:22.660Z",
"dateReserved": "2024-08-27T19:41:58.555Z",
"dateUpdated": "2025-02-21T18:03:32.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-45338",
"date": "2026-06-30",
"epss": "0.00856",
"percentile": "0.53818"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45338\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2024-12-18T21:15:08.173\",\"lastModified\":\"2026-06-17T07:54:03.510\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.\"},{\"lang\":\"es\",\"value\":\"Un atacante puede manipular una entrada para las funciones de an\u00e1lisis que se procesar\u00eda de forma no lineal con respecto a su longitud, lo que dar\u00eda como resultado un an\u00e1lisis extremadamente lento. Esto podr\u00eda causar una denegaci\u00f3n de servicio.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"golang.org/x/net\",\"product\":\"golang.org/x/net/html\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/net/html\",\"programRoutines\":[{\"name\":\"parseDoctype\"},{\"name\":\"htmlIntegrationPoint\"},{\"name\":\"inTableIM\"},{\"name\":\"inBodyIM\"},{\"name\":\"Parse\"},{\"name\":\"ParseFragment\"},{\"name\":\"ParseFragmentWithOptions\"},{\"name\":\"ParseWithOptions\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.33.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-12-31T19:51:42.228627Z\",\"id\":\"CVE-2024-45338\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"references\":[{\"url\":\"https://go.dev/cl/637536\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/70906\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2024-3333\",\"source\":\"security@golang.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250221-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250221-0001/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-02-21T18:03:32.301Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45338\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-31T19:51:42.228627Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333 Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-31T19:54:57.693Z\"}}], \"cna\": {\"title\": \"Non-linear parsing of case-insensitive content in golang.org/x/net/html\", \"credits\": [{\"lang\": \"en\", \"value\": \"Guido Vranken\"}], \"affected\": [{\"vendor\": \"golang.org/x/net\", \"product\": \"golang.org/x/net/html\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.33.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/net/html\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"parseDoctype\"}, {\"name\": \"htmlIntegrationPoint\"}, {\"name\": \"inTableIM\"}, {\"name\": \"inBodyIM\"}, {\"name\": \"Parse\"}, {\"name\": \"ParseFragment\"}, {\"name\": \"ParseFragmentWithOptions\"}, {\"name\": \"ParseWithOptions\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/637536\"}, {\"url\": \"https://go.dev/issue/70906\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-3333\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-405: Asymmetric Resource Consumption (Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2024-12-18T20:38:22.660Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45338\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-21T18:03:32.301Z\", \"dateReserved\": \"2024-08-27T19:41:58.555Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2024-12-18T20:38:22.660Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:9761
Vulnerability from csaf_redhat - Published: 2025-07-02 14:09 - Updated: 2026-06-30 03:29A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64 | — | ||
| Unresolved product id: 9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.14.53 is now available with\nupdates to packages and images that fix several bugs.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.14.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.53. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2025:9759\n\nSecurity Fix(es):\n\n* golang.org/x/net/html: Non-linear parsing of case-insensitive content in\ngolang.org/x/net/html (CVE-2024-45338)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.14 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:9761",
"url": "https://access.redhat.com/errata/RHSA-2025:9761"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "OCPBUGS-55953",
"url": "https://issues.redhat.com/browse/OCPBUGS-55953"
},
{
"category": "external",
"summary": "OCPBUGS-56135",
"url": "https://issues.redhat.com/browse/OCPBUGS-56135"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_9761.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.14.53 security and extras update",
"tracking": {
"current_release_date": "2026-06-30T03:29:34+00:00",
"generator": {
"date": "2026-06-30T03:29:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2025:9761",
"initial_release_date": "2025-07-02T14:09:57+00:00",
"revision_history": [
{
"date": "2025-07-02T14:09:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-02T14:09:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:29:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"product": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"product_id": "openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/cloud-event-proxy-rhel8\u0026tag=v4.14.0-202506112307.p0.g69bbc7c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"product": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"product_id": "openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cloud-event-proxy-rhel8\u0026tag=v4.14.0-202506112307.p0.g69bbc7c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64",
"product": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64",
"product_id": "openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.14.0-202506112307.p0.ga62d778.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64",
"product": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64",
"product_id": "openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.14.0-202506112307.p0.gcc85a75.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64",
"product": {
"name": "openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64",
"product_id": "openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel9\u0026tag=v4.14.0-202506062303.p0.gd71e4a3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64",
"product": {
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64",
"product_id": "openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator\u0026tag=v4.14.0-202506112307.p0.gd71e4a3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64",
"product": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64",
"product_id": "openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64",
"product": {
"name": "openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64",
"product_id": "openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64",
"product": {
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64",
"product_id": "openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/nmstate-console-plugin-rhel8\u0026tag=v4.14.0-202506250034.p0.gb82c422.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64",
"product": {
"name": "openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64",
"product_id": "openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.14.0-202506112307.p0.gb30f8cb.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64",
"product": {
"name": "openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64",
"product_id": "openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.14.0-202506112307.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64",
"product": {
"name": "openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64",
"product_id": "openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.14.0-202506112307.p0.g1d2edb6.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64",
"product": {
"name": "openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64",
"product_id": "openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64",
"product": {
"name": "openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64",
"product_id": "openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64",
"product": {
"name": "openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64",
"product_id": "openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.14.0-202506112307.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64",
"product": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64",
"product_id": "openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.14.0-202506250034.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64",
"product": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64",
"product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9\u0026tag=v4.14.0-202506062303.p0.g23117c5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64",
"product": {
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64",
"product_id": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-aws-efs-csi-driver-container-rhel8\u0026tag=v4.14.0-202506112307.p0.g67eddc2.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64",
"product": {
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64",
"product_id": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g9884f76.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.14.0-202506112307.p0.g61de9ca.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g699f73c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64",
"product_id": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g9232c1f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64",
"product": {
"name": "openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64",
"product_id": "openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64",
"product": {
"name": "openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64",
"product_id": "openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/frr-rhel9\u0026tag=v4.14.0-202506062303.p0.g0414ca3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8\u0026tag=v4.14.0-202506112307.p0.ga6af579.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g5028f0a.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64",
"product": {
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64",
"product_id": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel9-operator\u0026tag=v4.14.0-202506250034.p0.g23117c5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64",
"product": {
"name": "openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64",
"product_id": "openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-rhel9\u0026tag=v4.14.0-202506062303.p0.g23551f5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64",
"product": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64",
"product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64",
"product": {
"name": "openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64",
"product_id": "openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel9\u0026tag=v4.14.0-202506062303.p0.g990fd37.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64",
"product": {
"name": "openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64",
"product_id": "openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel9-operator\u0026tag=v4.14.0-202506112307.p0.ged35a97.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64",
"product": {
"name": "openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64",
"product_id": "openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.14.0-202506112307.p0.gc7be452.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64",
"product": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64",
"product_id": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8\u0026tag=v4.14.0-202506112307.p0.g4b5bd4b.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64",
"product": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64",
"product_id": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g4f339d0.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64",
"product": {
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64",
"product_id": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g4f339d0.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.14.0-202506112307.p0.gd030dba.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.gb70ce20.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64",
"product": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64",
"product_id": "openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ptp-must-gather-rhel8\u0026tag=v4.14.0-202506112307.p0.gc7be452.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64",
"product": {
"name": "openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64",
"product_id": "openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/sriov-cni-rhel9\u0026tag=v4.14.0-202506062303.p0.g06859a6.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64",
"product": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64",
"product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.14.0-202506112307.p0.g5cdb661.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64",
"product": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64",
"product_id": "openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.14.0-202506121138.p0.g937bb97.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64",
"product": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64",
"product_id": "openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.14.0-202506112307.p0.g430adb7.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64",
"product": {
"name": "openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64",
"product_id": "openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.14.0-202506121138.p0.g937bb97.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64",
"product": {
"name": "openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64",
"product_id": "openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.14.0-202506121138.p0.g937bb97.assembly.stream.el8"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"product": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"product_id": "openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/cloud-event-proxy-rhel8\u0026tag=v4.14.0-202506112307.p0.g69bbc7c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"product": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"product_id": "openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-cloud-event-proxy-rhel8\u0026tag=v4.14.0-202506112307.p0.g69bbc7c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64",
"product": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64",
"product_id": "openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.14.0-202506112307.p0.ga62d778.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64",
"product": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64",
"product_id": "openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.14.0-202506112307.p0.gcc85a75.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64",
"product": {
"name": "openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64",
"product_id": "openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel9\u0026tag=v4.14.0-202506062303.p0.gd71e4a3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64",
"product": {
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64",
"product_id": "openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator\u0026tag=v4.14.0-202506112307.p0.gd71e4a3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64",
"product": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64",
"product_id": "openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64",
"product": {
"name": "openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64",
"product_id": "openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64",
"product": {
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64",
"product_id": "openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/nmstate-console-plugin-rhel8\u0026tag=v4.14.0-202506250034.p0.gb82c422.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64",
"product": {
"name": "openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64",
"product_id": "openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.14.0-202506112307.p0.gb30f8cb.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64",
"product": {
"name": "openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64",
"product_id": "openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.14.0-202506112307.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64",
"product": {
"name": "openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64",
"product_id": "openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.14.0-202506112307.p0.g1d2edb6.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64",
"product": {
"name": "openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64",
"product_id": "openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64",
"product": {
"name": "openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64",
"product_id": "openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64",
"product": {
"name": "openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64",
"product_id": "openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.14.0-202506112307.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64",
"product": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64",
"product_id": "openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.14.0-202506250034.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64",
"product": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64",
"product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9\u0026tag=v4.14.0-202506062303.p0.g23117c5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64",
"product": {
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64",
"product_id": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-aws-efs-csi-driver-container-rhel8\u0026tag=v4.14.0-202506112307.p0.g67eddc2.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64",
"product": {
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64",
"product_id": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g9884f76.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.14.0-202506112307.p0.g61de9ca.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g699f73c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64",
"product_id": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g9232c1f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64",
"product": {
"name": "openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64",
"product_id": "openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64",
"product": {
"name": "openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64",
"product_id": "openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64",
"product_identification_helper": {
"purl": "pkg:oci/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/frr-rhel9\u0026tag=v4.14.0-202506062303.p0.g0414ca3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8\u0026tag=v4.14.0-202506112307.p0.ga6af579.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g5028f0a.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64",
"product": {
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64",
"product_id": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel9-operator\u0026tag=v4.14.0-202506250034.p0.g23117c5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64",
"product": {
"name": "openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64",
"product_id": "openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-rhel9\u0026tag=v4.14.0-202506062303.p0.g23551f5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64",
"product": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64",
"product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64",
"product": {
"name": "openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64",
"product_id": "openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel9\u0026tag=v4.14.0-202506062303.p0.g990fd37.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64",
"product": {
"name": "openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64",
"product_id": "openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel9-operator\u0026tag=v4.14.0-202506112307.p0.ged35a97.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64",
"product": {
"name": "openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64",
"product_id": "openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.14.0-202506112307.p0.gc7be452.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64",
"product": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64",
"product_id": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8\u0026tag=v4.14.0-202506112307.p0.g4b5bd4b.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64",
"product": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64",
"product_id": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g4f339d0.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64",
"product": {
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64",
"product_id": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g4f339d0.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.14.0-202506112307.p0.gd030dba.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.gb70ce20.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64",
"product": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64",
"product_id": "openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ptp-must-gather-rhel8\u0026tag=v4.14.0-202506112307.p0.gc7be452.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64",
"product": {
"name": "openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64",
"product_id": "openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/sriov-cni-rhel9\u0026tag=v4.14.0-202506062303.p0.g06859a6.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64",
"product": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64",
"product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.14.0-202506112307.p0.g5cdb661.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64",
"product": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64",
"product_id": "openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.14.0-202506121138.p0.g937bb97.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64",
"product": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64",
"product_id": "openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.14.0-202506112307.p0.g430adb7.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64",
"product": {
"name": "openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64",
"product_id": "openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.14.0-202506121138.p0.g937bb97.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64",
"product": {
"name": "openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64",
"product_id": "openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.14.0-202506121138.p0.g937bb97.assembly.stream.el8"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"product": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"product_id": "openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/cloud-event-proxy-rhel8\u0026tag=v4.14.0-202506112307.p0.g69bbc7c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"product": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"product_id": "openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cloud-event-proxy-rhel8\u0026tag=v4.14.0-202506112307.p0.g69bbc7c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le",
"product": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le",
"product_id": "openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.14.0-202506112307.p0.ga62d778.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le",
"product": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le",
"product_id": "openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.14.0-202506112307.p0.gcc85a75.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le",
"product": {
"name": "openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le",
"product_id": "openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel9\u0026tag=v4.14.0-202506062303.p0.gd71e4a3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le",
"product": {
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le",
"product_id": "openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator\u0026tag=v4.14.0-202506112307.p0.gd71e4a3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le",
"product": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le",
"product_id": "openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le",
"product": {
"name": "openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le",
"product_id": "openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le",
"product": {
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le",
"product_id": "openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/nmstate-console-plugin-rhel8\u0026tag=v4.14.0-202506250034.p0.gb82c422.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le",
"product": {
"name": "openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le",
"product_id": "openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.14.0-202506112307.p0.gb30f8cb.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le",
"product": {
"name": "openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le",
"product_id": "openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.14.0-202506112307.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le",
"product": {
"name": "openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le",
"product_id": "openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.14.0-202506112307.p0.g1d2edb6.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le",
"product": {
"name": "openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le",
"product_id": "openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le",
"product": {
"name": "openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le",
"product_id": "openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le",
"product": {
"name": "openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le",
"product_id": "openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.14.0-202506112307.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le",
"product": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le",
"product_id": "openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.14.0-202506250034.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le",
"product": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le",
"product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9\u0026tag=v4.14.0-202506062303.p0.g23117c5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.14.0-202506112307.p0.g61de9ca.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g699f73c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le",
"product_id": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g9232c1f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le",
"product": {
"name": "openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le",
"product_id": "openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le",
"product": {
"name": "openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le",
"product_id": "openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/frr-rhel9\u0026tag=v4.14.0-202506062303.p0.g0414ca3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8\u0026tag=v4.14.0-202506112307.p0.ga6af579.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g5028f0a.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le",
"product": {
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le",
"product_id": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel9-operator\u0026tag=v4.14.0-202506250034.p0.g23117c5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le",
"product": {
"name": "openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le",
"product_id": "openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-rhel9\u0026tag=v4.14.0-202506062303.p0.g23551f5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le",
"product": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le",
"product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le",
"product": {
"name": "openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le",
"product_id": "openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel9\u0026tag=v4.14.0-202506062303.p0.g990fd37.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le",
"product": {
"name": "openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le",
"product_id": "openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel9-operator\u0026tag=v4.14.0-202506112307.p0.ged35a97.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le",
"product": {
"name": "openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le",
"product_id": "openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.14.0-202506112307.p0.gc7be452.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le",
"product": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le",
"product_id": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8\u0026tag=v4.14.0-202506112307.p0.g4b5bd4b.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le",
"product": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le",
"product_id": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g4f339d0.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le",
"product": {
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le",
"product_id": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g4f339d0.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.14.0-202506112307.p0.gd030dba.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.gb70ce20.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le",
"product": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le",
"product_id": "openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ptp-must-gather-rhel8\u0026tag=v4.14.0-202506112307.p0.gc7be452.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le",
"product": {
"name": "openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le",
"product_id": "openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/sriov-cni-rhel9\u0026tag=v4.14.0-202506062303.p0.g06859a6.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le",
"product": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le",
"product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.14.0-202506112307.p0.g5cdb661.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le",
"product": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le",
"product_id": "openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.14.0-202506121138.p0.g937bb97.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le",
"product": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le",
"product_id": "openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.14.0-202506112307.p0.g430adb7.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le",
"product": {
"name": "openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le",
"product_id": "openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.14.0-202506121138.p0.g937bb97.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le",
"product": {
"name": "openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le",
"product_id": "openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.14.0-202506121138.p0.g937bb97.assembly.stream.el8"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x",
"product": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x",
"product_id": "openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.14.0-202506112307.p0.ga62d778.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x",
"product": {
"name": "openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x",
"product_id": "openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel9\u0026tag=v4.14.0-202506062303.p0.gd71e4a3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x",
"product": {
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x",
"product_id": "openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel9-operator\u0026tag=v4.14.0-202506112307.p0.gd71e4a3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x",
"product": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x",
"product_id": "openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x",
"product": {
"name": "openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x",
"product_id": "openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x",
"product": {
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x",
"product_id": "openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x",
"product_identification_helper": {
"purl": "pkg:oci/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/nmstate-console-plugin-rhel8\u0026tag=v4.14.0-202506250034.p0.gb82c422.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x",
"product": {
"name": "openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x",
"product_id": "openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.14.0-202506112307.p0.gb30f8cb.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x",
"product": {
"name": "openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x",
"product_id": "openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.14.0-202506112307.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x",
"product": {
"name": "openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x",
"product_id": "openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.14.0-202506112307.p0.g1d2edb6.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x",
"product": {
"name": "openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x",
"product_id": "openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-dns-proxy\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x",
"product": {
"name": "openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x",
"product_id": "openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-router\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x",
"product": {
"name": "openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x",
"product_id": "openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.14.0-202506112307.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x",
"product": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x",
"product_id": "openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.14.0-202506250034.p0.g0ad973f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x",
"product": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x",
"product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9\u0026tag=v4.14.0-202506062303.p0.g23117c5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.14.0-202506112307.p0.g61de9ca.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g699f73c.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x",
"product_id": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g9232c1f.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x",
"product": {
"name": "openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x",
"product_id": "openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-egress-http-proxy\u0026tag=v4.14.0-202506112307.p0.g03e5f40.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x",
"product": {
"name": "openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x",
"product_id": "openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/frr-rhel9\u0026tag=v4.14.0-202506062303.p0.g0414ca3.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x",
"product": {
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x",
"product_id": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel9-operator\u0026tag=v4.14.0-202506250034.p0.g23117c5.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x",
"product": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x",
"product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g599ce82.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x",
"product": {
"name": "openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x",
"product_id": "openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel9\u0026tag=v4.14.0-202506062303.p0.g990fd37.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x",
"product": {
"name": "openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x",
"product_id": "openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel9-operator\u0026tag=v4.14.0-202506112307.p0.ged35a97.assembly.stream.el9"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x",
"product": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x",
"product_id": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8\u0026tag=v4.14.0-202506112307.p0.g4b5bd4b.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x",
"product": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x",
"product_id": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-driver-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.g4f339d0.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x",
"product": {
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x",
"product_id": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-secrets-store-csi-mustgather-rhel8\u0026tag=v4.14.0-202506112307.p0.g4f339d0.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.14.0-202506112307.p0.gd030dba.assembly.stream.el8"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.14.0-202506112307.p0.gb70ce20.assembly.stream.el8"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64"
},
"product_reference": "openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le"
},
"product_reference": "openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64"
},
"product_reference": "openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64"
},
"product_reference": "openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64"
},
"product_reference": "openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le"
},
"product_reference": "openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x"
},
"product_reference": "openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x"
},
"product_reference": "openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le"
},
"product_reference": "openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64"
},
"product_reference": "openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64"
},
"product_reference": "openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64"
},
"product_reference": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64"
},
"product_reference": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64"
},
"product_reference": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64"
},
"product_reference": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64"
},
"product_reference": "openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le"
},
"product_reference": "openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64"
},
"product_reference": "openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64"
},
"product_reference": "openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x"
},
"product_reference": "openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le"
},
"product_reference": "openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64"
},
"product_reference": "openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x"
},
"product_reference": "openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64"
},
"product_reference": "openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64"
},
"product_reference": "openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le"
},
"product_reference": "openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64"
},
"product_reference": "openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64"
},
"product_reference": "openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x"
},
"product_reference": "openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le"
},
"product_reference": "openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le"
},
"product_reference": "openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64"
},
"product_reference": "openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64"
},
"product_reference": "openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x"
},
"product_reference": "openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64"
},
"product_reference": "openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64"
},
"product_reference": "openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x"
},
"product_reference": "openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le"
},
"product_reference": "openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le"
},
"product_reference": "openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64"
},
"product_reference": "openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64"
},
"product_reference": "openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x"
},
"product_reference": "openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le"
},
"product_reference": "openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64"
},
"product_reference": "openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64"
},
"product_reference": "openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x"
},
"product_reference": "openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x"
},
"product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64"
},
"product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le"
},
"product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64"
},
"product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le"
},
"product_reference": "openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64"
},
"product_reference": "openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x"
},
"product_reference": "openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64"
},
"product_reference": "openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64"
},
"product_reference": "openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x"
},
"product_reference": "openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le"
},
"product_reference": "openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64"
},
"product_reference": "openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64"
},
"product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x"
},
"product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64"
},
"product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le"
},
"product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le"
},
"product_reference": "openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64"
},
"product_reference": "openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64"
},
"product_reference": "openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64"
},
"product_reference": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x"
},
"product_reference": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le"
},
"product_reference": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64"
},
"product_reference": "openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le"
},
"product_reference": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64"
},
"product_reference": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64"
},
"product_reference": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x"
},
"product_reference": "openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64"
},
"product_reference": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x"
},
"product_reference": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le"
},
"product_reference": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64"
},
"product_reference": "openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le"
},
"product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64"
},
"product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64"
},
"product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le"
},
"product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64"
},
"product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64"
},
"product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64"
},
"product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64"
},
"product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le"
},
"product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le"
},
"product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64"
},
"product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64"
},
"product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64"
},
"product_reference": "openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64"
},
"product_reference": "openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le"
},
"product_reference": "openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64"
},
"product_reference": "openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le"
},
"product_reference": "openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64"
},
"product_reference": "openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64"
},
"product_reference": "openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le"
},
"product_reference": "openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64"
},
"product_reference": "openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64"
},
"product_reference": "openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64"
},
"product_reference": "openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x"
},
"product_reference": "openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le"
},
"product_reference": "openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64"
},
"product_reference": "openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le"
},
"product_reference": "openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x"
},
"product_reference": "openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64"
},
"product_reference": "openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x"
},
"product_reference": "openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64"
},
"product_reference": "openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le"
},
"product_reference": "openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64"
},
"product_reference": "openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le"
},
"product_reference": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64"
},
"product_reference": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64"
},
"product_reference": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x"
},
"product_reference": "openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64"
},
"product_reference": "openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64"
},
"product_reference": "openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le"
},
"product_reference": "openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x"
},
"product_reference": "openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x"
},
"product_reference": "openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64"
},
"product_reference": "openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le"
},
"product_reference": "openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64"
},
"product_reference": "openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x"
},
"product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64"
},
"product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le"
},
"product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64"
},
"product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64"
},
"product_reference": "openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le"
},
"product_reference": "openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64"
},
"product_reference": "openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le"
},
"product_reference": "openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64"
},
"product_reference": "openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64 as a component of Red Hat OpenShift Container Platform 4.14",
"product_id": "9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64"
},
"product_reference": "openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64",
"relates_to_product_reference": "9Base-RHOSE-4.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64",
"8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64",
"8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64",
"8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le",
"8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64",
"9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64",
"9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le",
"9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64",
"9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le",
"9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64",
"9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le"
],
"known_not_affected": [
"8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64",
"8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64",
"8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64",
"8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le",
"8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64",
"9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64",
"9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le",
"9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64",
"9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le",
"9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64",
"9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-02T14:09:57+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/release_notes/",
"product_ids": [
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:9761"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"8Base-RHOSE-4.14:openshift4/cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:73455fb51ff54b7f75144760786e2fe31b8a405f57f66f3f3c826b47ee893576_amd64",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:9b25503c39de5d5f867412e32f2d0e1e3c96cd63bb8232b45b250f13658ce8ca_arm64",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:ad3c9ee876c4a3e7c67d2b862d409cc0637272a38a1b387fdf642cbd4dbb8b31_ppc64le",
"8Base-RHOSE-4.14:openshift4/nmstate-console-plugin-rhel8@sha256:bb460ed4f6b5a6394a3002f564b66a1a90dffd1399194e791c2ffc7012c67190_s390x",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:3ab1697898937e270feadff93e17b9a4cd6de777e60fb4ab05cb856dd8b28c70_s390x",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:7bd899717c4eb9d617f7b825c76ae2f0a246d0d4b1ef70d8494fd6e10bf97693_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:b91606fd2a40224ce012e8acd18fcf20284c7ad73d4d86ff4a9c84d2adb9a96d_arm64",
"8Base-RHOSE-4.14:openshift4/ose-ansible-operator@sha256:f3a4af058e9fc03867fd91f17cce26d6dc08634fc6f872038d5be4ab3b5824a8_amd64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2e2414e207988fc6398dfb00fafbb461f2ee0528af3bf534003a2a9c8e07e119_arm64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:929d8ad2504c63cc88bec82c80990bd755456a21c524512c57de43596578a9e7_amd64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:aa70f8885c6845bdf6e142867b0e958bc98a0930dbe9bcead745be548b98bfdc_amd64",
"8Base-RHOSE-4.14:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ebbf6a1ff536c69d8269a134d3e87b0e7972630a522ce1bb1e61c81551f7f5ae_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:0233506139f3316717ab4fb411d7377ab469f45bfec7e145011a0036a50a9d7d_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:3e3eba75b1a95f8cf5486824a48add0a2dedf9098aa9dfdf9a7ec4459223f78d_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-cloud-event-proxy-rhel8@sha256:edfcd00796b7fff70dcdeabf5d561c444eefc8096ffdc9ea3f31bf89b616d817_amd64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:0f30c170bef2517e0c3dd41f3cddcc11e0e091963eaccd91cb922d7b6c487895_amd64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:5d05868107f7c3ecedf574dda3d591760c04b78ddfdf7ae51b7f4fa575e12a5c_s390x",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:8df5a2f8cd8e5b1c6ad6301910f1a6d7775bcec87822d2a907ef0d6eb4cb91eb_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-cluster-capacity@sha256:c9127c4411c6d7a1cb2c32736cfa0a0b972ff6508c7cfdae86de059024225cce_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:23b1acf720e336f758901b9022e399643b5f5e303a0e49213fafddab2d3ea723_s390x",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:62163ceaa5be3cdd7eccd9d5040efdf3f252dd086e7185809c2431812ef8adff_amd64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:7b9c7c4817bf68ec006d0fb1761b6c81f72548e8bd027a002dc60d0a5f390917_arm64",
"8Base-RHOSE-4.14:openshift4/ose-cluster-nfd-operator@sha256:be3236ef05a81a2f580a95449416848357bec283afb6a2994651a40f1c560aef_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:48f91f8e33113075fddae25f7e168efe15835d23feb0747e21e930b8ca35cc0b_amd64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:5cdbd4891472df1e3b9df59ab9182ad2df0fec81bae7ccf3d1b805927d08ad55_arm64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:603558af93eee130812d4fbd3c5b5e70038cce20e82881f994108cb47faeb47f_s390x",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:ed73893139fefee3b698603d94c07aff11ba1b507ebf736eefebf71c591fadd1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:9085294de40f1ad5d1c41e25f0abf68ba02c4520bc4e9dee5d1f735822aae6a8_amd64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:ac58b89cd94942682d6620a3af7b249e0598d05caac3c986690407320db68b20_s390x",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f645a0c9eda6ee156a9d3dd8b44e1e3cdcfb6d4fc370c9fbec2828059162bd0f_arm64",
"8Base-RHOSE-4.14:openshift4/ose-clusterresourceoverride-rhel8@sha256:f754504100e19640509c0e38a430a51cd7cedf95aac72b5acfd1021be63e80c1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:166caeed258b48a754012d7543eb83f104bb90886857f5152f1b97ca3340c1ff_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:324c43c8d9f052af2a44bdd2913e79cd9d7dcee5285e700a186b579cec073f23_amd64",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:47d277ee00421d2a536150ef99909841a722e9b5d7092cec3442448f7af598e4_s390x",
"8Base-RHOSE-4.14:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:eef4ba305e30869cf2cc3a54b9712458ca71eb9550c00d2ecadca50bb83754a1_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:5105f5d615caa57433ffe9351c67f012b5a3dc59f779f22085824a42413ad7da_amd64",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:a3a708a31abc7daec585f5d4fbefd60c75d17527a236dab815d8e91efd2a4ca8_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:c5acfaca74c9151e40c283c71e67ae5f1d6403f05f783728b084becdae260980_s390x",
"8Base-RHOSE-4.14:openshift4/ose-egress-dns-proxy@sha256:e5231045d512b40282c14b1b78eb9dbbf7a40258d5ac4790bcbba0e49f2c42ae_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:15afdb8c07a3fcf206fa489a9a26a2ffc6a3c02a9bec3f3fc3501e25a4b104d6_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:1eb78a80d2f721bfed0d357cb887e26bcd36af309411ca3a24041c9962e93770_amd64",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:8d7dceabb1706c35b8c98bc036882590acd1b31318d1d8a242890f500b965631_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-http-proxy@sha256:edf73ebdded358c1bb2bce4e103d9956194cf6d0f5eaf2fa6fa89508db6b478d_s390x",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6845dc3b6a1a1f608049bc2cc561819808bc397f82e3e119853833175b01f890_amd64",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:6dcc7f04eb6d45dcad71d95642c26452ed104677c0a6792b1bc7186833bd669d_arm64",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:d880b552f898125df92dcad8854f5f88e0e83a15fde87d1949c1bebda474ef57_s390x",
"8Base-RHOSE-4.14:openshift4/ose-egress-router@sha256:fc3412a4004fd2b5d29978a48a90aeaea0aadec04cb1488a558de5709c342437_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2d3d91c55331a0cfb33fbfc7c8de6731dbffbf4bbb8c9ec4e5f72557ec972c08_arm64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:3ecf8091298b83e1a0b82272c81ad1b9a47ea96edb3a7b96edccab2534bdb741_amd64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:6dea50cae8f307a3822de67a47ac1fb65a594a0f50454e689030ac85fea23af2_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:4c3bc3000b499d1b54d8fe2abc5ee52409f44dec536154c45d0cb9068a49c30d_amd64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:6351b63ec08719fda2a61b1bea0924ce7640c85a4665d123bad9b6e71d5daceb_arm64",
"8Base-RHOSE-4.14:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:9a66401431611b9b942f68573fa1a0b45fafbff85c100ecd796a73a9e83208b1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:155832f8b4b038aa41e76a1ed3fa0cf3250a062a45830361e5b7c07d249c7c1f_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:3db0afaf76b46cbc520f5888e120d35b67bb317a8641a44f99d6b759c7cf6e6a_amd64",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:78fb603acaec5f02aad58c26c481210303139c9bee7088d77a41ce8ffb2cbd63_arm64",
"8Base-RHOSE-4.14:openshift4/ose-helm-operator@sha256:9f2df7136f35a80310b2c61fa7a6466349358a3cca0699e6e1fc7c8fe2f6afa7_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:2601f42edc41c0d559b6576ed5a27c6cb30832cab5e3c2f905a4b05989d3f6e1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:9eb6db1b88adeee9ff22599cf003ae802b15a7882f11811f404be38e8aff552a_amd64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:c17a11d96808a60770d9584d514fa9b8e1e9af157f2cf79a2014d50d9d6199f1_arm64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-diskmaker@sha256:fe6e83adaf8e0b5458a2dfbf84c967472975cd9e279a37af9cebcd2646b78bfa_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:6f62e11148817aafa34ed32230aa09dd72e47be9a21fa74a960b1806acd5b6d5_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:a2004ef0cfe5c2bd9557e81bf7e14bb7bac86e066c2ac9fcf1fb1f4c4affe209_amd64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:bb2169b62a6dd96f9d589eab45981c79f3e8c3c7422fe47b70ddc28548804574_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-mustgather-rhel8@sha256:d598aaab20904ca3a7f8c1cd662ab885d417dacd404e2d5815e456cd9f89e317_arm64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:229629a1cc2efda7eb97c7e5a05fea436af8a799ee15b1950f13c39722b9aac1_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:59a79f32bfdb17d733440113388ba60d6e3c578fcc093795d2ccbe912aee5889_arm64",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:69da9a9b9063086cd4a488d1f3e1822fdf4e0905c47922effadaab4f6d10cf72_s390x",
"8Base-RHOSE-4.14:openshift4/ose-local-storage-operator@sha256:d4365e00ab608ba339b879e21f2dea2a2466f28228b7d190dba6303eeaa2bdc6_amd64",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:26b6dd839999c6f69d0e19e1e8c82e6f611583144806e500f8c7162d28488153_amd64",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:6c39cede9440d2bdca5641682c58d8e33eaeb12dcc5998d917d90102bc646aa6_s390x",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:9e75a192bddc56383c17223a0330ffdc62eef5135086b0cae4b374b03e844bb3_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-node-feature-discovery@sha256:dc5a8d56401996a8110c1cd6eccd68228d38ed5882698f66e115075fc4583ab6_arm64",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3d3760bd0c452b1c6f183446634175701fcc41b348a8d580c94582cad3dc7bf7_arm64",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:3dffaff72c5a2271e03d0b173af972acacdce214e7c5aa8c1560826798ef3c86_s390x",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:40268201ed39372d63a93bc14b10081b858759dd550d99641b52645a3ac8f4b7_amd64",
"8Base-RHOSE-4.14:openshift4/ose-operator-sdk-rhel8@sha256:d88ffcb4d9ec6be183f4c6f74aa49f83031f3af972d4bd293369476e0e2e436b_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:3c3e0881e66ef1533a965c0dfa2d4e2816fb794a620a48c8cf587650101ce90f_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:e0be86b6efc1c1898ff40374e2accbe0458e314baa400ff752fbdb8a555c079c_arm64",
"8Base-RHOSE-4.14:openshift4/ose-ptp-operator@sha256:fd92f9f6285a523b6768436d05af8049415d1ed35a11312f7878328ce2813381_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:2857961dbd07c174e3c6ddc70fb789ce85e14a00e23cae3e4385d86b7c73b12e_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:49ce7183466766fc00ba90bdae5f7622f219e0a916906d1bcebc0e0dd7c735f9_s390x",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:4a099fea103dbf21971b79cad02327fac7a50912793cca32f31df71d6c2a1606_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:674dda9f790499a4746f13234612046f126bb2b9a6c94d81d845409979f07a38_arm64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:2339ae002806aa5322420a38f67da684ebc4fde8a94d06bc8798b9398dcad391_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:a5698b6dfa73b393ee9fcd81877f9c55cbbf6cca8ea82e968368803e67516b5c_arm64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:b6380d146d2a8ce0cae86dd335f46a01697c3c91ac4b1d35f5610a0f538e5315_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-driver-rhel8@sha256:def7201739aec6c06ddb4f2c5f893d3f76f118e9af97d4a4402fe296727dc8d4_s390x",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:12cb94865b6698b8561fd21749d64ace31711375dd69a156dc58b280fa7b5867_amd64",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7ce304db9bfd1e4ba74cd5307c006baabd7231b96e72a7783b12c85d47d83b8a_s390x",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:9cbc765dfa9c5a11b8fe8096e523ef9705d75526343c6864c399f8416e879f2f_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:fa57aff3382f7b4745673b217f61ba4496c7d67be7c852eebb93f5450df39c8c_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:22ff303478681836fd5510c2adb2d2191f94b1d7a7f4e13e7da093a6ad73d10b_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:830ed60efcaf17e35764820f0ec826545c6dc9b7f1613b5671d45db0329ec044_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-dp-admission-controller@sha256:fdda28aec9753d39bfd2c0098d4384ae7ad14250dab14b3a115aac568baed368_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:7014d8c68ef59a17cad0f55ec727c8b0444acd18b0fc6487d2662b631dbddac5_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:bf7828ef911caa2e3dcb124ce66457a0aae21200ff0ada9929221d4d6cf3454c_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-infiniband-cni@sha256:d193a096f62cf7d366eed248157b5384c1a73edf0712f6cccb8d7835d760cf1f_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:03334b3311eb1077e01e06e90b99936f1cee32d336e17d959f1de79af7b149d2_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:53939bd098c335aa5199436e960b435495a80b50dd03f1300dbcd21e1c68b4f6_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-config-daemon@sha256:6bc4f173c437f9c1f1fa22b1822772c3524b2ba8f8de1665ade371270437a11c_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:30b935ecfa51f199c9dc104975242e4251f8361ea4dd1ff2c0b0d83b7f4630b3_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:3a5da82b4327cf32eb9b6d128aa345d0be36f42ca861c857bc6fca4c4f1eecaa_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-device-plugin@sha256:f52d2c9a995d0d00af6394de7fc5239b6a494295eedb22debd8024125940d659_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:b8f20871bbf1edb04d0d8d539777a02d4ae1404c355297a1f3adf7682aca6106_amd64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:dde4cfe3c53192974f810ba48792d2544152405103a48347c5c4d95d3ad8c4ce_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-operator@sha256:ecc2bc79460e660198b1642bd0cb616ca623e3a686a303b90e8ea923c1627a65_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:c5085ac0089de82f8c873830a897c0e7986d96bc766e19ddd3ee73152f244c30_arm64",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:da46eb4b254a9dc777959e263fefefd5a38e18d52974faf3ef2a70abe5983114_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-sriov-network-webhook@sha256:fd6f41701c4c193afe47879a15f7e96a6db3683d13d41efae8dd9d60d1af298e_amd64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:36b350ba9856d2498e0a472f7f2dadc2e996361ca61fbf54716df1e23736e682_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:4f3958298e1b6c0e7ae456da55502f7e78654d2b18d0061b3ee7d4ad9e0fcfd0_s390x",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:8dbcc2e15c8b36c68e088a6cdf2e91177b04fa59bb3bb1790bf6033da8135e16_arm64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:a55e4ba925da6c54f0deeccd978eb1fcaa589be69da58fd0c03fafad6301e968_amd64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:3fafe355d0816b4c07a8760887e0626416bc485c8f40930a55b235539e60a4fd_ppc64le",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:46a5db2674418804e90cbbe9757f8b738bf92f9fd7bc59a1b7e24f128bd4c48e_amd64",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b4b1c46902cb7e75fe92227e551f69a605611848d0de6a84dd02b47dbe156833_s390x",
"8Base-RHOSE-4.14:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e0ab787a1380d1f8f209aac1d347cb4d1cb7adb8156efd530324fea16604422e_arm64",
"8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:5a25db7c37642b87bd7a91e561f7beea7e55f6694e66163db7c23e11130c6165_amd64",
"8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:84d4108297c134dbe94e4e00c45ff68f4f5b1119bd6389a12d8a0ee5c4d13eb4_ppc64le",
"8Base-RHOSE-4.14:openshift4/ptp-must-gather-rhel8@sha256:ce42996d1525496c72b7211ad37de3cc99203fa9362977322f656421db4a4fb0_arm64",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:27a9c1e634790230c826d34a9560017534ab0447204e1426e27c01235a996857_arm64",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:2a8bf055bca3d1ded35b1dbabf7c6ee969db60453c83287af4d6cb21ab467f7c_amd64",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:84e10305f463777e88a01f0a479c91264d1cdb6e5974c7969b822662016d4ee8_s390x",
"9Base-RHOSE-4.14:openshift4/frr-rhel9@sha256:8d2b596cd979659bf6315108291aec567d187b91c4aa6ed0195c20936bb03b94_ppc64le",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:32c12362ad54a0ffcd979ccdffd150e6fd4a8e9dc5d238aba30f40afeae13f40_arm64",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:88baf977bdb6a6039e03f4058af9d1dc335ad0d1cabbefb5e603fbcc343fe26e_ppc64le",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:b61cc9682c3b773716f6a44c38f07150a25a22bf755d512fc6912e289658a3c1_s390x",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9-operator@sha256:d7716b05b7ffc84e38dca2c87172564214734ff0cc2e5b734f963de141e07b86_amd64",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:04336565c63caea4f35906c909565c0c4f643a99ea720ed04584e558e9db9ded_s390x",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:96802e02ddb58f3744b36e2b6194c4bef07510b53493bbabf7a61a4b54a8fdf7_arm64",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:985c78cbef57834ffb72edff477729d48e94fea3d2b8591a80288579ea7dfff7_ppc64le",
"9Base-RHOSE-4.14:openshift4/ingress-node-firewall-rhel9@sha256:cc23cf464f6dfb77854b04c5c939744259ee935425d0197710f6348b75b9eba9_amd64",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:5df6fdb232e0f834571fcd11856625a89793ca0b17a6f98332e692f209af378a_ppc64le",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:70262eb0385b7420a41f3091a3d9ae1c8d1f2df7c74a22a3832852ada597b2fa_arm64",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:8a54c5069c601ef93dc353d99cedff5516866b724c1b51f928dd5c214eaea5ed_amd64",
"9Base-RHOSE-4.14:openshift4/kubernetes-nmstate-rhel9-operator@sha256:9469ea9eff0b22c620060bc3743004e94aab005329fe0839629255392a318d6d_s390x",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:56fb0a43bc9523519bbdb8ce5fb95180a2fec3d73bfda2112b5a8fe8a0951902_amd64",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:60b33ad6b9e49d9d34fce895b735618a0b9b488b1ea833206f4c1d71f21c8993_arm64",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:6da914e66d7047b31a3da77b527df3ed21f55f1e298d0b0c7e4ce212380f268b_ppc64le",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9-operator@sha256:c3f43370f6b4ec667e0834acf90ce483c537f61dea0a14bb3beabb818e6ad9d1_s390x",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:0809cad5a3eabe1d5fa535527bb574e300d7c02ea0cfcd29e8cf0f01d20a6d40_s390x",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:640fac8f22d1afb5c7e3a1f43a67d0169c006e69cc0c8c858d4113893fbd41d9_arm64",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:bb6f983de658f0713852e5dfafefd3808c7061c1d16f9a93d5f7b177a8c64d7f_ppc64le",
"9Base-RHOSE-4.14:openshift4/metallb-rhel9@sha256:c912a492c8da61ed281b43cf63b68aee8c3e6c56ad0683957816cc5a59c9d97a_amd64",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:1c082ba6d2a4f3b65157056c20e29b0cbabcf231868167c350a96773b7aca6ae_s390x",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:3b3d0f1ccc4ad3c5bf1c336630f4eb7f46ddaae36fee37a0260025224dd45628_amd64",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:cd0658df500867eeb7b998965adb620d0cb46de763486017dcd5895ace115bbd_ppc64le",
"9Base-RHOSE-4.14:openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:db0607fff034e11d26709d215e141888806680f5ef9322ce9f70985cde03e56a_arm64",
"9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:4a6a289fd2c3b11a4754320ed9dacf16cf1994eacfc403a802fff37fd936e5af_arm64",
"9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:97ddc4cf9fbdb0256da206cda301875c56c3349c934f49dfaffb3a732311d95a_ppc64le",
"9Base-RHOSE-4.14:openshift4/ose-ptp-rhel9@sha256:edb58b48bd875d18b8ebf9bfd34b91c315766c6a2c5739152caf3ff81d044ad3_amd64",
"9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:207ed00baf6d077a00a6526ddd535801d3c9db36baf8e818e87db18be867576c_ppc64le",
"9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:f5e21358eac8e80ee201fd4b3920df5ec5a90b03bd427b229fb28ccbb661632d_amd64",
"9Base-RHOSE-4.14:openshift4/sriov-cni-rhel9@sha256:ff08318a45ee53cbcbd9f43d77a00dc183676dac01c5205b7bee6d3152fca66e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
}
]
}
RHSA-2026:1730
Vulnerability from csaf_redhat - Published: 2026-02-02 15:52 - Updated: 2026-07-01 06:04A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.13 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.13",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1730",
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1730.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.13",
"tracking": {
"current_release_date": "2026-07-01T06:04:24+00:00",
"generator": {
"date": "2026-07-01T06:04:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:1730",
"initial_release_date": "2026-02-02T15:52:56+00:00",
"revision_history": [
{
"date": "2026-02-02T15:52:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-02T15:52:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:04:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Ad6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769802588"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Aedc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810760"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Acc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Acd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Af2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769855900"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Aed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ae8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Aa1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
}
]
}
RHSA-2026:2681
Vulnerability from csaf_redhat - Published: 2026-02-12 17:29 - Updated: 2026-07-01 06:06A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.16.2 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.16.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2681",
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-31133",
"url": "https://access.redhat.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2681.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.16.2",
"tracking": {
"current_release_date": "2026-07-01T06:06:15+00:00",
"generator": {
"date": "2026-07-01T06:06:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:2681",
"initial_release_date": "2026-02-12T17:29:21+00:00",
"revision_history": [
{
"date": "2026-02-12T17:29:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T18:38:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:06:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.16",
"product": {
"name": "Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816239"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770762347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Adda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770817752"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230686"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816438"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816381"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Afa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770841176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ae3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770762347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Ac96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816438"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Aafe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816381"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770762347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816438"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Abf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816381"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Abbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-31133",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:17:18.235000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404705"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container\u0027s /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "RHBZ#2404705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix\nDAC and thus user namespaces stop a container process from being able to write to them.\n\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n\n* Depending on the maskedPath configuration (the default configuratio nonly masks paths in /proc and /sys), using an AppArmor that blocks unexpectedwrites to any maskedPaths (as is the case with the defaultprofile used by Docker and Podman) will block attempts to exploit this issue. However, CVE-2025-52881 allows an attacker to bypass LSMlabels, and so this mitigation is not helpful when considered incombination with CVE-2025-52881.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:2754
Vulnerability from csaf_redhat - Published: 2026-02-16 15:43 - Updated: 2026-07-01 06:06A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.18 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.18",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2754",
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2754.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.18",
"tracking": {
"current_release_date": "2026-07-01T06:06:17+00:00",
"generator": {
"date": "2026-07-01T06:06:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:2754",
"initial_release_date": "2026-02-16T15:43:51+00:00",
"revision_history": [
{
"date": "2026-02-16T15:43:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T17:04:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:06:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249996"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249993"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133825"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991979"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ac30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Adbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ae2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Abb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:2762
Vulnerability from csaf_redhat - Published: 2026-02-16 17:44 - Updated: 2026-07-01 06:06A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.18 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.18",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2762",
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2762.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.18",
"tracking": {
"current_release_date": "2026-07-01T06:06:19+00:00",
"generator": {
"date": "2026-07-01T06:06:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:2762",
"initial_release_date": "2026-02-16T17:44:31+00:00",
"revision_history": [
{
"date": "2026-02-16T17:44:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T17:44:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:06:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.10",
"product": {
"name": "Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Af006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770224116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249881"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991805"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ad8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991340"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770993022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249183"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770224116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991340"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249183"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770224116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aaab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991340"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249183"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:6568
Vulnerability from csaf_redhat - Published: 2026-04-03 22:07 - Updated: 2026-07-01 06:07A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user's initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library's internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.15.4 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.15.4",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6568",
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68158",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28498",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4598",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4599",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4600",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4601",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4602",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6568.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.15.4",
"tracking": {
"current_release_date": "2026-07-01T06:07:27+00:00",
"generator": {
"date": "2026-07-01T06:07:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6568",
"initial_release_date": "2026-04-03T22:07:28+00:00",
"revision_history": [
{
"date": "2026-04-03T22:07:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-03T22:07:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:07:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.15",
"product": {
"name": "Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774980222"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Aebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774980224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aa1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775183105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Adec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775250489"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Acde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ad6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Abe166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68158",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2026-01-08T19:01:41.615962+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428102"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user\u0027s initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products utilizing Authlib, such as Red Hat Ansible Automation Platform, Hosted OpenShift Clusters, Red Hat Quay, and Red Hat Satellite. The flaw arises from improper session management in Authlib\u0027s cache-backed state storage, allowing a remote attacker to perform Cross-Site Request Forgery (CSRF) by obtaining a valid state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "RHBZ#2428102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428102"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489",
"url": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228",
"url": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523"
}
],
"release_date": "2026-01-08T17:58:17.724000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-4598",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T06:01:47.891452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A denial of service flaw was found in jsrsasign. This vulnerability allows a remote attacker to cause a permanent denial of service by providing specially crafted zero or negative inputs to the bnModInverse function, leading to an infinite loop. This affects Red Hat Migration Toolkit for Virtualization and Red Hat Quay, which utilize the vulnerable jsrsasign component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "RHBZ#2450210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264",
"url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323",
"url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/648",
"url": "https://github.com/kjur/jsrsasign/pull/648"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
}
],
"release_date": "2026-03-23T05:00:11.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs"
},
{
"cve": "CVE-2026-4599",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2026-03-23T06:01:34.008562+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "RHBZ#2450207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4599",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20",
"url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1",
"url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/647",
"url": "https://github.com/kjur/jsrsasign/pull/647"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"
}
],
"release_date": "2026-03-23T05:00:12.522000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces"
},
{
"cve": "CVE-2026-4600",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-23T06:01:39.334925+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT. The flaw in jsrsasign allows an attacker to forge Digital Signature Algorithm (DSA) signatures or X.509 certificates by providing malicious domain parameters during validation. This could lead to unauthorized access or data manipulation in affected Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, where jsrsasign is utilized for cryptographic signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "RHBZ#2450208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4600",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4600"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7",
"url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60",
"url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/646",
"url": "https://github.com/kjur/jsrsasign/pull/646"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"
}
],
"release_date": "2026-03-23T05:00:08.475000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters"
},
{
"cve": "CVE-2026-4601",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-23T06:01:44.014846+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A flaw in the jsrsasign library allows for private key recovery due to a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process. An attacker can manipulate signature generation within the KJUR.crypto.DSA.signWithMessageHash function to force specific values, enabling the recovery of the private key. This impacts Red Hat products utilizing jsrsasign, such as Migration Toolkit for Virtualization and Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "RHBZ#2450209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586",
"url": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb",
"url": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/645",
"url": "https://github.com/kjur/jsrsasign/pull/645"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941"
}
],
"release_date": "2026-03-23T05:00:13.312000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing"
},
{
"cve": "CVE-2026-4602",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-03-23T06:01:28.729668+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450206"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT flaw. The `jsrsasign` library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the `modPow` function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "RHBZ#2450206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5",
"url": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195",
"url": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/650",
"url": "https://github.com/kjur/jsrsasign/pull/650"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175"
}
],
"release_date": "2026-03-23T05:00:10.567000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw, while difficult to exploit, would lead to a loss of integrity in the encrypted communication channel. Given that the cryptography package is a library, it is likely to be used in situations that do not require user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-28498",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-16T19:02:00.128339+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library\u0027s internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Authlib allows attackers to bypass OIDC ID Token integrity verification. The at_hash and c_hash validation fails open for unknown algorithms, accepting forged tokens as valid. Exploitation requires no authentication or user interaction. Impact is high to confidentiality and integrity. Red Hat products using Authlib for OIDC validation are affected. Fixed in version 1.6.9.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "RHBZ#2448182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b",
"url": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j"
}
],
"release_date": "2026-03-16T18:03:28.821000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-30922",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-03-18T04:02:45.401296+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448553"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "RHBZ#2448553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
}
],
"release_date": "2026-03-18T02:29:45.857000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
}
]
}
SUSE-SU-2025:0060-1
Vulnerability from csaf_suse - Published: 2025-01-10 11:33 - Updated: 2025-01-10 11:33| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for govulncheck-vulndb",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for govulncheck-vulndb fixes the following issues:\n\n- Update to version 0.0.20250108T191942 2025-01-08T19:19:42Z.\n Refs jsc#PED-11136\n Go CVE Numbering Authority IDs added or updated with aliases:\n * GO-2025-3371 GHSA-2r2v-9pf8-6342\n * GO-2025-3374 CVE-2025-22130 GHSA-j4jw-m6xr-fv6c\n\n- Update to version 0.0.20250107T160406 2025-01-07T16:04:06Z.\n Refs jsc#PED-11136\n Go CVE Numbering Authority IDs added or updated with aliases:\n * GO-2025-3363 GO-2025-3364 GO-2025-3367 GO-2025-3368\n * GO-2024-3355 CVE-2024-54148 GHSA-r7j8-5h9c-f6fx\n * GO-2024-3356 CVE-2024-55947 GHSA-qf5v-rp47-55gg\n * GO-2024-3357 CVE-2024-56362 GHSA-xwx7-p63r-2rj8\n * GO-2024-3358 CVE-2024-45387 GHSA-vq94-9pfv-ccqr\n * GO-2024-3359 CVE-2024-28892 GHSA-5qww-56gc-f66c\n * GO-2024-3360 CVE-2024-25133 GHSA-wgqq-9qh8-wvqv\n * GO-2025-3361 CVE-2024-55196 GHSA-rv83-h68q-c4wq\n * GO-2025-3362 CVE-2025-21609 GHSA-8fx8-pffw-w498\n * GO-2025-3363 CVE-2024-56514 GHSA-cwrh-575j-8vr3\n * GO-2025-3364 CVE-2024-56513 GHSA-mg7w-c9x2-xh7r\n * GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4\n * GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m\n\n- Update to version 0.0.20241220T214820 2024-12-20T21:48:20Z.\n Refs jsc#PED-11136\n Go CVE Numbering Authority IDs added or updated with aliases:\n * GO-2024-3101 GHSA-75qh-gg76-p2w4\n * GO-2024-3339 GHSA-8wcc-m6j2-qxvm\n\n- Update to version 0.0.20241220T203729 2024-12-20T20:37:29Z.\n Refs jsc#PED-11136\n Go CVE Numbering Authority IDs added or updated with aliases:\n * GO-2024-3101 GHSA-75qh-gg76-p2w4\n * GO-2024-3109 CVE-2024-43803 GHSA-pqfh-xh7w-7h3p\n * GO-2024-3333 CVE-2024-45338 GHSA-w32m-9786-jp63\n * GO-2024-3342 GHSA-hxr6-2p24-hf98\n * GO-2024-3343 CVE-2024-9779 GHSA-jhh6-6fhp-q2xp\n * GO-2024-3344 GHSA-32gq-x56h-299c\n * GO-2024-3349 CVE-2024-25131 GHSA-77c2-c35q-254w\n * GO-2024-3350 GHSA-5pf6-cq2v-23ww\n * GO-2024-3354 CVE-2024-12678 GHSA-hr68-hvgv-xxqf\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-60,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-60,openSUSE-SLE-15.6-2025-60",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0060-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0060-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250060-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0060-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020087.html"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12678 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12678/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25131 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25131/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-25133 page",
"url": "https://www.suse.com/security/cve/CVE-2024-25133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28892 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43803 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45387 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-54148 page",
"url": "https://www.suse.com/security/cve/CVE-2024-54148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-55196 page",
"url": "https://www.suse.com/security/cve/CVE-2024-55196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-55947 page",
"url": "https://www.suse.com/security/cve/CVE-2024-55947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56362 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56513 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56514 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9779 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21609 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21613 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22130 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22130/"
}
],
"title": "Security update for govulncheck-vulndb",
"tracking": {
"current_release_date": "2025-01-10T11:33:29Z",
"generator": {
"date": "2025-01-10T11:33:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0060-1",
"initial_release_date": "2025-01-10T11:33:29Z",
"revision_history": [
{
"date": "2025-01-10T11:33:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"product": {
"name": "govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"product_id": "govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
},
"product_reference": "govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
},
"product_reference": "govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12678"
}
],
"notes": [
{
"category": "general",
"text": "Nomad Community and Nomad Enterprise (\"Nomad\") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12678",
"url": "https://www.suse.com/security/cve/CVE-2024-12678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2024-12678"
},
{
"cve": "CVE-2024-25131",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25131"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25131",
"url": "https://www.suse.com/security/cve/CVE-2024-25131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2024-25131"
},
{
"cve": "CVE-2024-25133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-25133"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-25133",
"url": "https://www.suse.com/security/cve/CVE-2024-25133"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2024-25133"
},
{
"cve": "CVE-2024-28892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28892"
}
],
"notes": [
{
"category": "general",
"text": "An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28892",
"url": "https://www.suse.com/security/cve/CVE-2024-28892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "critical"
}
],
"title": "CVE-2024-28892"
},
{
"cve": "CVE-2024-43803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43803"
}
],
"notes": [
{
"category": "general",
"text": "The Bare Metal Operator (BMO) implements a Kubernetes API for managing bare metal hosts in Metal3. The `BareMetalHost` (BMH) CRD allows the `userData`, `metaData`, and `networkData` for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the `Name` and `Namespace` of the Secret, meaning that versions of the baremetal-operator prior to 0.8.0, 0.6.2, and 0.5.2 will read a `Secret` from any namespace. A user with access to create or edit a `BareMetalHost` can thus exfiltrate a `Secret` from another namespace by using it as e.g. the `userData` for provisioning some host (note that this need not be a real host, it could be a VM somewhere).\n\nBMO will only read a key with the name `value` (or `userData`, `metaData`, or `networkData`), so that limits the exposure somewhat. `value` is probably a pretty common key though. Secrets used by _other_ `BareMetalHost`s in different namespaces are always vulnerable. It is probably relatively unusual for anyone other than cluster administrators to have RBAC access to create/edit a `BareMetalHost`. This vulnerability is only meaningful, if the cluster has users other than administrators and users\u0027 privileges are limited to their respective namespaces.\n\nThe patch prevents BMO from accepting links to Secrets from other namespaces as BMH input. Any BMH configuration is only read from the same namespace only. The problem is patched in BMO releases v0.7.0, v0.6.2 and v0.5.2 and users should upgrade to those versions. Prior upgrading, duplicate the BMC Secrets to the namespace where the corresponding BMH is. After upgrade, remove the old Secrets. As a workaround, an operator can configure BMO RBAC to be namespace scoped for Secrets, instead of cluster scoped, to prevent BMO from accessing Secrets from other namespaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43803",
"url": "https://www.suse.com/security/cve/CVE-2024-43803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "moderate"
}
],
"title": "CVE-2024-43803"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2024-45387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45387"
}
],
"notes": [
{
"category": "general",
"text": "An SQL injection vulnerability in Traffic Ops in Apache Traffic Control \u003c= 8.0.1, \u003e= 8.0.0 allows a privileged user with role \"admin\", \"federation\", \"operations\", \"portal\", or \"steering\" to execute arbitrary SQL against the database by sending a specially-crafted PUT request.\n\nUsers are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45387",
"url": "https://www.suse.com/security/cve/CVE-2024-45387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "critical"
}
],
"title": "CVE-2024-45387"
},
{
"cve": "CVE-2024-54148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-54148"
}
],
"notes": [
{
"category": "general",
"text": "Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-54148",
"url": "https://www.suse.com/security/cve/CVE-2024-54148"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "critical"
}
],
"title": "CVE-2024-54148"
},
{
"cve": "CVE-2024-55196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-55196"
}
],
"notes": [
{
"category": "general",
"text": "Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-55196",
"url": "https://www.suse.com/security/cve/CVE-2024-55196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2024-55196"
},
{
"cve": "CVE-2024-55947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-55947"
}
],
"notes": [
{
"category": "general",
"text": "Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-55947",
"url": "https://www.suse.com/security/cve/CVE-2024-55947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2024-55947"
},
{
"cve": "CVE-2024-56362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56362"
}
],
"notes": [
{
"category": "general",
"text": "Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56362",
"url": "https://www.suse.com/security/cve/CVE-2024-56362"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2024-56362"
},
{
"cve": "CVE-2024-56513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56513"
}
],
"notes": [
{
"category": "general",
"text": "Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access control plane resources. By abusing these permissions, an attacker able to authenticate as the karmada-agent to a karmada cluster would be able to obtain administrative privileges over the entire federation system including all registered member clusters. Since Karmada v1.12.0, command `karmadactl register` restricts the access permissions of pull mode member clusters to control plane resources. This way, an attacker able to authenticate as the karmada-agent cannot control other member clusters in Karmada. As a workaround, one may restrict the access permissions of pull mode member clusters to control plane resources according to Karmada Component Permissions Docs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56513",
"url": "https://www.suse.com/security/cve/CVE-2024-56513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2024-56513"
},
{
"cve": "CVE-2024-56514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56514"
}
],
"notes": [
{
"category": "general",
"text": "Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTP(s) URL to retrieve the custom resource definitions(CRDs) needed by Karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a TarSlip vulnerability. An attacker able to supply a malicious CRD file into a Karmada initialization could write arbitrary files in arbitrary paths of the filesystem. From Karmada version 1.12.0, when processing custom CRDs files, CRDs archive verification is utilized to enhance file system robustness. A workaround is available. Someone who needs to set flag `--crd` to customize the CRD files required for Karmada initialization when using `karmadactl init` to set up Karmada can manually inspect the CRD files to check whether they contain sequences such as `../` that would alter file paths, to determine if they potentially include malicious files. When using karmada-operator to set up Karmada, one must upgrade one\u0027s karmada-operator to one of the fixed versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56514",
"url": "https://www.suse.com/security/cve/CVE-2024-56514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "moderate"
}
],
"title": "CVE-2024-56514"
},
{
"cve": "CVE-2024-9779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9779"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name \"cluster-manager\" which is bound to a ClusterRole also named \"cluster-manager\", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager\u0027s token and steal any service account token by creating and mounting the target service account to control the whole cluster.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9779",
"url": "https://www.suse.com/security/cve/CVE-2024-9779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2024-9779"
},
{
"cve": "CVE-2025-21609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21609"
}
],
"notes": [
{
"category": "general",
"text": "SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21609",
"url": "https://www.suse.com/security/cve/CVE-2025-21609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "critical"
}
],
"title": "CVE-2025-21609"
},
{
"cve": "CVE-2025-21613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21613"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21613",
"url": "https://www.suse.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "SUSE Bug 1235572 for CVE-2025-21613",
"url": "https://bugzilla.suse.com/1235572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2025-21613"
},
{
"cve": "CVE-2025-21614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21614"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21614",
"url": "https://www.suse.com/security/cve/CVE-2025-21614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "important"
}
],
"title": "CVE-2025-21614"
},
{
"cve": "CVE-2025-22130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22130"
}
],
"notes": [
{
"category": "general",
"text": "Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user\u0027s repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions. This is patched in v0.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22130",
"url": "https://www.suse.com/security/cve/CVE-2025-22130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch",
"openSUSE Leap 15.6:govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T11:33:29Z",
"details": "moderate"
}
],
"title": "CVE-2025-22130"
}
]
}
SUSE-SU-2025:02581-1
Vulnerability from csaf_suse - Published: 2025-07-31 12:34 - Updated: 2025-07-31 12:34| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:\n\nUpdate to version 1.5.2\n\n- Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.5.2\n- bsc#1234537 (CVE-2024-45337), bsc#1235303 (CVE-2024-45338), bsc#1244486\n\n\n- Add LABEL with support level\n- Drop packages: iptables and lsscsi\n- Enable aarch64 build (jsc#PED-10545)\n- Fix missing virtio-gpu packages missing from the aarch64 images (bsc#1237270)\n- Fix ovmf firmware path for SEV(ES) VMs (bsc#1232762)\n- Install psmisc (provides killall for tests)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2581,SUSE-SLE-Module-Containers-15-SP7-2025-2581",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02581-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02581-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502581-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02581-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040990.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232762",
"url": "https://bugzilla.suse.com/1232762"
},
{
"category": "self",
"summary": "SUSE Bug 1234537",
"url": "https://bugzilla.suse.com/1234537"
},
{
"category": "self",
"summary": "SUSE Bug 1235303",
"url": "https://bugzilla.suse.com/1235303"
},
{
"category": "self",
"summary": "SUSE Bug 1237270",
"url": "https://bugzilla.suse.com/1237270"
},
{
"category": "self",
"summary": "SUSE Bug 1244486",
"url": "https://bugzilla.suse.com/1244486"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
}
],
"title": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
"tracking": {
"current_release_date": "2025-07-31T12:34:43Z",
"generator": {
"date": "2025-07-31T12:34:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02581-1",
"initial_release_date": "2025-07-31T12:34:43Z",
"revision_history": [
{
"date": "2025-07-31T12:34:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-container-disk-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-container-disk-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-manifests-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-manifests-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-pr-helper-conf-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-pr-helper-conf-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-tests-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-tests-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-virt-api-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-virt-api-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-virt-controller-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-virt-controller-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-virt-exportproxy-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-virt-exportproxy-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-virt-exportserver-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-virt-exportserver-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-virt-handler-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-virt-handler-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-virt-launcher-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-virt-launcher-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-virt-operator-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-virt-operator-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64",
"product_id": "kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.5.2-150700.3.5.2.aarch64",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.5.2-150700.3.5.2.aarch64",
"product_id": "obs-service-kubevirt_containers_meta-1.5.2-150700.3.5.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-container-disk-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-container-disk-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-manifests-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-manifests-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-pr-helper-conf-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-pr-helper-conf-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-tests-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-tests-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-virt-api-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-virt-api-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-virt-controller-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-virt-controller-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-virt-exportproxy-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-virt-exportproxy-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-virt-exportserver-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-virt-exportserver-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-virt-handler-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-virt-handler-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-virt-launcher-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-virt-launcher-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-virt-operator-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-virt-operator-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64",
"product_id": "kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.5.2-150700.3.5.2.x86_64",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.5.2-150700.3.5.2.x86_64",
"product_id": "obs-service-kubevirt_containers_meta-1.5.2-150700.3.5.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.5.2-150700.3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.aarch64"
},
"product_reference": "kubevirt-manifests-1.5.2-150700.3.5.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.5.2-150700.3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.x86_64"
},
"product_reference": "kubevirt-manifests-1.5.2-150700.3.5.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64"
},
"product_reference": "kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64"
},
"product_reference": "kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-31T12:34:43Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-manifests-1.5.2-150700.3.5.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-31T12:34:43Z",
"details": "moderate"
}
],
"title": "CVE-2024-45338"
}
]
}
SUSE-SU-2025:03278-1
Vulnerability from csaf_suse - Published: 2025-09-19 13:42 - Updated: 2025-09-19 13:42| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:\n\nThis update for kubevirt updates golang.org/x/net to 0.38.0, fixing security issues (CVE-2025-22872, CVE-2024-45337, CVE-2024-45338, bsc#1234537, bsc#1235303, bsc#1241772)\nand also rebuilds it against current GO.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3278,SUSE-SLE-Module-Containers-15-SP6-2025-3278,openSUSE-SLE-15.6-2025-3278",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03278-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03278-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503278-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03278-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041779.html"
},
{
"category": "self",
"summary": "SUSE Bug 1234537",
"url": "https://bugzilla.suse.com/1234537"
},
{
"category": "self",
"summary": "SUSE Bug 1235303",
"url": "https://bugzilla.suse.com/1235303"
},
{
"category": "self",
"summary": "SUSE Bug 1241772",
"url": "https://bugzilla.suse.com/1241772"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
}
],
"title": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
"tracking": {
"current_release_date": "2025-09-19T13:42:08Z",
"generator": {
"date": "2025-09-19T13:42:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03278-1",
"initial_release_date": "2025-09-19T13:42:08Z",
"revision_history": [
{
"date": "2025-09-19T13:42:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-container-disk-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-container-disk-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-manifests-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-tests-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-tests-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-virt-api-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-virt-api-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-virt-controller-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-virt-controller-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-virt-exportserver-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-virt-exportserver-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-virt-handler-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-virt-handler-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-virt-launcher-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-virt-launcher-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-virt-operator-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-virt-operator-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"product_id": "kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.aarch64",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.aarch64",
"product_id": "obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-manifests-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-tests-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"product_id": "kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64",
"product": {
"name": "obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64",
"product_id": "obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.4.1-150600.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64"
},
"product_reference": "kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.4.1-150600.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64"
},
"product_reference": "kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.4.1-150600.5.24.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64"
},
"product_reference": "kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-tests-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64"
},
"product_reference": "kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
},
"product_reference": "obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T13:42:08Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T13:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-container-disk-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-manifests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-pr-helper-conf-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-tests-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-api-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-controller-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportproxy-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-exportserver-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-handler-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-launcher-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virt-operator-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.aarch64",
"openSUSE Leap 15.6:kubevirt-virtctl-1.4.1-150600.5.24.1.x86_64",
"openSUSE Leap 15.6:obs-service-kubevirt_containers_meta-1.4.1-150600.5.24.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-19T13:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
}
]
}
SUSE-SU-2025:0602-1
Vulnerability from csaf_suse - Published: 2025-02-20 09:15 - Updated: 2025-02-20 09:15| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-fish-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-bash-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-fish-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for helm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for helm fixes the following issues:\n\nUpdate to version 3.17.1:\n\n- CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1235318).\n- CVE-2024-45337: Fixed misuse of ServerConfig.PublicKeyCallback to prevent authorization bypass in golang.org/x/crypto (bsc#1234482).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-602,SUSE-SLE-Micro-5.5-2025-602,SUSE-SLE-Module-Containers-15-SP6-2025-602,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-602,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-602,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-602,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-602,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-602,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-602,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-602,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-602,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-602,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-602,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-602,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-602,SUSE-Storage-7.1-2025-602,openSUSE-SLE-15.6-2025-602",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0602-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0602-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250602-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0602-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020384.html"
},
{
"category": "self",
"summary": "SUSE Bug 1234482",
"url": "https://bugzilla.suse.com/1234482"
},
{
"category": "self",
"summary": "SUSE Bug 1235318",
"url": "https://bugzilla.suse.com/1235318"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
}
],
"title": "Security update for helm",
"tracking": {
"current_release_date": "2025-02-20T09:15:28Z",
"generator": {
"date": "2025-02-20T09:15:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0602-1",
"initial_release_date": "2025-02-20T09:15:28Z",
"revision_history": [
{
"date": "2025-02-20T09:15:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.1-150000.1.41.1.aarch64",
"product": {
"name": "helm-3.17.1-150000.1.41.1.aarch64",
"product_id": "helm-3.17.1-150000.1.41.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.1-150000.1.41.1.i586",
"product": {
"name": "helm-3.17.1-150000.1.41.1.i586",
"product_id": "helm-3.17.1-150000.1.41.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"product": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"product_id": "helm-bash-completion-3.17.1-150000.1.41.1.noarch"
}
},
{
"category": "product_version",
"name": "helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"product": {
"name": "helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"product_id": "helm-fish-completion-3.17.1-150000.1.41.1.noarch"
}
},
{
"category": "product_version",
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"product": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"product_id": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.1-150000.1.41.1.ppc64le",
"product": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le",
"product_id": "helm-3.17.1-150000.1.41.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.1-150000.1.41.1.s390x",
"product": {
"name": "helm-3.17.1-150000.1.41.1.s390x",
"product_id": "helm-3.17.1-150000.1.41.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.17.1-150000.1.41.1.x86_64",
"product": {
"name": "helm-3.17.1-150000.1.41.1.x86_64",
"product_id": "helm-3.17.1-150000.1.41.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.ppc64le"
},
"product_reference": "helm-3.17.1-150000.1.41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.s390x"
},
"product_reference": "helm-3.17.1-150000.1.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.ppc64le"
},
"product_reference": "helm-3.17.1-150000.1.41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.s390x"
},
"product_reference": "helm-3.17.1-150000.1.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.ppc64le"
},
"product_reference": "helm-3.17.1-150000.1.41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.s390x"
},
"product_reference": "helm-3.17.1-150000.1.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.ppc64le"
},
"product_reference": "helm-3.17.1-150000.1.41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.s390x"
},
"product_reference": "helm-3.17.1-150000.1.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.ppc64le"
},
"product_reference": "helm-3.17.1-150000.1.41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.s390x"
},
"product_reference": "helm-3.17.1-150000.1.41.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.ppc64le"
},
"product_reference": "helm-3.17.1-150000.1.41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.ppc64le"
},
"product_reference": "helm-3.17.1-150000.1.41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.ppc64le"
},
"product_reference": "helm-3.17.1-150000.1.41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.aarch64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.ppc64le"
},
"product_reference": "helm-3.17.1-150000.1.41.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.s390x"
},
"product_reference": "helm-3.17.1-150000.1.41.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.17.1-150000.1.41.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.x86_64"
},
"product_reference": "helm-3.17.1-150000.1.41.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.17.1-150000.1.41.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-bash-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-fish-completion-3.17.1-150000.1.41.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-fish-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
},
"product_reference": "helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Enterprise Storage 7.1:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Enterprise Storage 7.1:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.aarch64",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.ppc64le",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.s390x",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Enterprise Storage 7.1:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Enterprise Storage 7.1:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.aarch64",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.ppc64le",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.s390x",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Enterprise Storage 7.1:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Enterprise Storage 7.1:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.aarch64",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.ppc64le",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.s390x",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-20T09:15:28Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Enterprise Storage 7.1:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Enterprise Storage 7.1:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.aarch64",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.ppc64le",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.s390x",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Enterprise Storage 7.1:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Enterprise Storage 7.1:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.aarch64",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.ppc64le",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.s390x",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Enterprise Storage 7.1:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Enterprise Storage 7.1:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Enterprise Storage 7.1:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Micro 5.5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-3.17.1-150000.1.41.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:helm-zsh-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.aarch64",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.ppc64le",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.s390x",
"openSUSE Leap 15.6:helm-3.17.1-150000.1.41.1.x86_64",
"openSUSE Leap 15.6:helm-bash-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-fish-completion-3.17.1-150000.1.41.1.noarch",
"openSUSE Leap 15.6:helm-zsh-completion-3.17.1-150000.1.41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-20T09:15:28Z",
"details": "moderate"
}
],
"title": "CVE-2024-45338"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.