Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-30204 (GCVE-0-2025-30204)
Vulnerability from cvelistv5 – Published: 2025-03-21 21:42 – Updated: 2025-04-10 13:03
VLAI
EPSS
Title
jwt-go allows excessive memory allocation during header parsing
Summary
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/golang-jwt/jwt/security/adviso… | x_refsource_CONFIRM |
| https://github.com/golang-jwt/jwt/commit/0951d184… | x_refsource_MISC |
| https://github.com/golang-jwt/jwt/commit/bf316c48… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025040… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| golang-jwt | jwt |
Affected:
>= 3.2.0, < 4.5.2
Affected: >= 5.0.0-rc.1, < 5.2.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T14:10:18.281694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T14:10:35.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-04T23:03:13.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250404-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jwt",
"vendor": "golang-jwt",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 4.5.2"
},
{
"status": "affected",
"version": "\u003e= 5.0.0-rc.1, \u003c 5.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:03:19.897Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"name": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"name": "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb"
}
],
"source": {
"advisory": "GHSA-mh63-6h87-95cp",
"discovery": "UNKNOWN"
},
"title": "jwt-go allows excessive memory allocation during header parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-30204",
"datePublished": "2025-03-21T21:42:01.382Z",
"dateReserved": "2025-03-18T18:15:13.849Z",
"dateUpdated": "2025-04-10T13:03:19.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-30204",
"date": "2026-06-19",
"epss": "0.00645",
"percentile": "0.46058"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-30204\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-21T22:15:26.420\",\"lastModified\":\"2025-04-10T13:15:52.097\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.\"},{\"lang\":\"es\",\"value\":\"golang-jwt es una implementaci\u00f3n de Go de tokens web JSON. En versiones anteriores a la 5.2.2 y la 4.5.2, la funci\u00f3n parse.ParseUnverified divide (mediante una llamada a strings.Split) su argumento (que contiene datos no confiables) en puntos. Como resultado, ante una solicitud maliciosa cuyo encabezado de autorizaci\u00f3n consiste en \\\"Bearer\\\" seguido de muchos puntos, una llamada a dicha funci\u00f3n genera asignaciones de O(n) bytes (donde n representa la longitud del argumento de la funci\u00f3n), con un factor constante de aproximadamente 16. Este problema se solucion\u00f3 en las versiones 5.2.2 y 4.5.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-405\"}]}],\"references\":[{\"url\":\"https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250404-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250404-0002/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-04-04T23:03:13.309Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30204\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-24T14:10:18.281694Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-24T14:10:25.565Z\"}}], \"cna\": {\"title\": \"jwt-go allows excessive memory allocation during header parsing\", \"source\": {\"advisory\": \"GHSA-mh63-6h87-95cp\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"golang-jwt\", \"product\": \"jwt\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.2.0, \u003c 4.5.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 5.0.0-rc.1, \u003c 5.2.2\"}]}], \"references\": [{\"url\": \"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\", \"name\": \"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3\", \"name\": \"https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb\", \"name\": \"https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-405\", \"description\": \"CWE-405: Asymmetric Resource Consumption (Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-04-10T13:03:19.897Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-30204\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-10T13:03:19.897Z\", \"dateReserved\": \"2025-03-18T18:15:13.849Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-03-21T21:42:01.382Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
OPENSUSE-SU-2025:15454-1
Vulnerability from csaf_opensuse - Published: 2025-08-15 00:00 - Updated: 2025-08-15 00:00Summary
trivy-0.65.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: trivy-0.65.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the trivy-0.65.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15454
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "trivy-0.65.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the trivy-0.65.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15454",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15454-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47291/"
}
],
"title": "trivy-0.65.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-08-15T00:00:00Z",
"generator": {
"date": "2025-08-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15454-1",
"initial_release_date": "2025-08-15T00:00:00Z",
"revision_history": [
{
"date": "2025-08-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.65.0-1.1.aarch64",
"product": {
"name": "trivy-0.65.0-1.1.aarch64",
"product_id": "trivy-0.65.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.65.0-1.1.ppc64le",
"product": {
"name": "trivy-0.65.0-1.1.ppc64le",
"product_id": "trivy-0.65.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.65.0-1.1.s390x",
"product": {
"name": "trivy-0.65.0-1.1.s390x",
"product_id": "trivy-0.65.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.65.0-1.1.x86_64",
"product": {
"name": "trivy-0.65.0-1.1.x86_64",
"product_id": "trivy-0.65.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.65.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64"
},
"product_reference": "trivy-0.65.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.65.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le"
},
"product_reference": "trivy-0.65.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.65.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x"
},
"product_reference": "trivy-0.65.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.65.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
},
"product_reference": "trivy-0.65.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-47291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47291"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. A bug was found in the containerd\u0027s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47291",
"url": "https://www.suse.com/security/cve/CVE-2025-47291"
},
{
"category": "external",
"summary": "SUSE Bug 1243632 for CVE-2025-47291",
"url": "https://bugzilla.suse.com/1243632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47291"
}
]
}
OPENSUSE-SU-2025:15606-1
Vulnerability from csaf_opensuse - Published: 2025-10-08 00:00 - Updated: 2025-10-08 00:00Summary
digger-cli-0.6.127-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: digger-cli-0.6.127-1.1 on GA media
Description of the patch: These are all security issues fixed in the digger-cli-0.6.127-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15606
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-0.6.127-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-0.6.127-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-0.6.127-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-0.6.127-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "digger-cli-0.6.127-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the digger-cli-0.6.127-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15606",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15606-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
}
],
"title": "digger-cli-0.6.127-1.1 on GA media",
"tracking": {
"current_release_date": "2025-10-08T00:00:00Z",
"generator": {
"date": "2025-10-08T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15606-1",
"initial_release_date": "2025-10-08T00:00:00Z",
"revision_history": [
{
"date": "2025-10-08T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "digger-cli-0.6.127-1.1.aarch64",
"product": {
"name": "digger-cli-0.6.127-1.1.aarch64",
"product_id": "digger-cli-0.6.127-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "digger-cli-bash-completion-0.6.127-1.1.aarch64",
"product": {
"name": "digger-cli-bash-completion-0.6.127-1.1.aarch64",
"product_id": "digger-cli-bash-completion-0.6.127-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "digger-cli-fish-completion-0.6.127-1.1.aarch64",
"product": {
"name": "digger-cli-fish-completion-0.6.127-1.1.aarch64",
"product_id": "digger-cli-fish-completion-0.6.127-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "digger-cli-zsh-completion-0.6.127-1.1.aarch64",
"product": {
"name": "digger-cli-zsh-completion-0.6.127-1.1.aarch64",
"product_id": "digger-cli-zsh-completion-0.6.127-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "digger-cli-0.6.127-1.1.ppc64le",
"product": {
"name": "digger-cli-0.6.127-1.1.ppc64le",
"product_id": "digger-cli-0.6.127-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "digger-cli-bash-completion-0.6.127-1.1.ppc64le",
"product": {
"name": "digger-cli-bash-completion-0.6.127-1.1.ppc64le",
"product_id": "digger-cli-bash-completion-0.6.127-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "digger-cli-fish-completion-0.6.127-1.1.ppc64le",
"product": {
"name": "digger-cli-fish-completion-0.6.127-1.1.ppc64le",
"product_id": "digger-cli-fish-completion-0.6.127-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "digger-cli-zsh-completion-0.6.127-1.1.ppc64le",
"product": {
"name": "digger-cli-zsh-completion-0.6.127-1.1.ppc64le",
"product_id": "digger-cli-zsh-completion-0.6.127-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "digger-cli-0.6.127-1.1.s390x",
"product": {
"name": "digger-cli-0.6.127-1.1.s390x",
"product_id": "digger-cli-0.6.127-1.1.s390x"
}
},
{
"category": "product_version",
"name": "digger-cli-bash-completion-0.6.127-1.1.s390x",
"product": {
"name": "digger-cli-bash-completion-0.6.127-1.1.s390x",
"product_id": "digger-cli-bash-completion-0.6.127-1.1.s390x"
}
},
{
"category": "product_version",
"name": "digger-cli-fish-completion-0.6.127-1.1.s390x",
"product": {
"name": "digger-cli-fish-completion-0.6.127-1.1.s390x",
"product_id": "digger-cli-fish-completion-0.6.127-1.1.s390x"
}
},
{
"category": "product_version",
"name": "digger-cli-zsh-completion-0.6.127-1.1.s390x",
"product": {
"name": "digger-cli-zsh-completion-0.6.127-1.1.s390x",
"product_id": "digger-cli-zsh-completion-0.6.127-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "digger-cli-0.6.127-1.1.x86_64",
"product": {
"name": "digger-cli-0.6.127-1.1.x86_64",
"product_id": "digger-cli-0.6.127-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "digger-cli-bash-completion-0.6.127-1.1.x86_64",
"product": {
"name": "digger-cli-bash-completion-0.6.127-1.1.x86_64",
"product_id": "digger-cli-bash-completion-0.6.127-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "digger-cli-fish-completion-0.6.127-1.1.x86_64",
"product": {
"name": "digger-cli-fish-completion-0.6.127-1.1.x86_64",
"product_id": "digger-cli-fish-completion-0.6.127-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "digger-cli-zsh-completion-0.6.127-1.1.x86_64",
"product": {
"name": "digger-cli-zsh-completion-0.6.127-1.1.x86_64",
"product_id": "digger-cli-zsh-completion-0.6.127-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-0.6.127-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-0.6.127-1.1.aarch64"
},
"product_reference": "digger-cli-0.6.127-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-0.6.127-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-0.6.127-1.1.ppc64le"
},
"product_reference": "digger-cli-0.6.127-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-0.6.127-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-0.6.127-1.1.s390x"
},
"product_reference": "digger-cli-0.6.127-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-0.6.127-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-0.6.127-1.1.x86_64"
},
"product_reference": "digger-cli-0.6.127-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-bash-completion-0.6.127-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.aarch64"
},
"product_reference": "digger-cli-bash-completion-0.6.127-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-bash-completion-0.6.127-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.ppc64le"
},
"product_reference": "digger-cli-bash-completion-0.6.127-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-bash-completion-0.6.127-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.s390x"
},
"product_reference": "digger-cli-bash-completion-0.6.127-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-bash-completion-0.6.127-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.x86_64"
},
"product_reference": "digger-cli-bash-completion-0.6.127-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-fish-completion-0.6.127-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.aarch64"
},
"product_reference": "digger-cli-fish-completion-0.6.127-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-fish-completion-0.6.127-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.ppc64le"
},
"product_reference": "digger-cli-fish-completion-0.6.127-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-fish-completion-0.6.127-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.s390x"
},
"product_reference": "digger-cli-fish-completion-0.6.127-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-fish-completion-0.6.127-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.x86_64"
},
"product_reference": "digger-cli-fish-completion-0.6.127-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-zsh-completion-0.6.127-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.aarch64"
},
"product_reference": "digger-cli-zsh-completion-0.6.127-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-zsh-completion-0.6.127-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.ppc64le"
},
"product_reference": "digger-cli-zsh-completion-0.6.127-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-zsh-completion-0.6.127-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.s390x"
},
"product_reference": "digger-cli-zsh-completion-0.6.127-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "digger-cli-zsh-completion-0.6.127-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.x86_64"
},
"product_reference": "digger-cli-zsh-completion-0.6.127-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.x86_64",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.x86_64",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.x86_64",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.x86_64",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.x86_64",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.x86_64",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-0.6.127-1.1.x86_64",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-bash-completion-0.6.127-1.1.x86_64",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-fish-completion-0.6.127-1.1.x86_64",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.aarch64",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.ppc64le",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.s390x",
"openSUSE Tumbleweed:digger-cli-zsh-completion-0.6.127-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
}
]
}
OPENSUSE-SU-2025:20117-1
Vulnerability from csaf_opensuse - Published: 2025-11-27 12:27 - Updated: 2025-11-27 12:27Summary
Security update for trivy
Severity
Important
Notes
Title of the patch: Security update for trivy
Description of the patch: This update for trivy fixes the following issues:
Changes in trivy:
Update to version 0.67.2 (bsc#1250625, CVE-2025-11065, bsc#1248897, CVE-2025-58058):
* fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow [backport: release/v0.67] (#9638)
* fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#9631)
* fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#9629)
* fix: add `buildInfo` for `BlobInfo` in `rpc` package [backport: release/v0.67] (#9615)
* fix(vex): don't use reused BOM [backport: release/v0.67] (#9612)
* fix(vex): don't suppress vulns for packages with infinity loop (#9465)
* fix(aws): use `BuildableClient` insead of `xhttp.Client` (#9436)
* refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (#9282)
* docs: clarify inline ignore limitations for resource-less checks (#9537)
* fix(k8s): disable parallel traversal with fs cache for k8s images (#9534)
* fix(misconf): handle tofu files in module detection (#9486)
* feat(seal): add seal support (#9370)
* docs: fix modules path and update code example (#9539)
* fix: close file descriptors and pipes on error paths (#9536)
* feat: add documentation URL for database lock errors (#9531)
* fix(db): Dowload database when missing but metadata still exists (#9393)
* feat(cloudformation): support default values and list results in Fn::FindInMap (#9515)
* fix(misconf): unmark cty values before access (#9495)
* feat(cli): change --list-all-pkgs default to true (#9510)
* fix(nodejs): parse workspaces as objects for package-lock.json files (#9518)
* refactor(fs): use underlyingPath to determine virtual files more reliably (#9302)
* refactor: remove google/wire dependency and implement manual DI (#9509)
* chore(deps): bump the aws group with 6 updates (#9481)
* chore(deps): bump the common group across 1 directory with 24 updates (#9507)
* fix(misconf): wrap legacy ENV values in quotes to preserve spaces (#9497)
* docs: move info about `detection priority` into coverage section (#9469)
* feat(sbom): added support for CoreOS (#9448)
* fix(misconf): strip build metadata suffixes from image history (#9498)
* feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439)
* docs: Fix typo in terraform docs (#9492)
* feat(redhat): add os-release detection for RHEL-based images (#9458)
* ci(deps): add 3-day cooldown period for Dependabot updates (#9475)
* refactor: migrate from go-json-experiment to encoding/json/v2 (#9422)
* fix(vuln): compare `nuget` package names in lower case (#9456)
* chore: Update release flow to include chocolatey (#9460)
* docs: document eol supportability (#9434)
* docs(report): add nuanses about secret/license scanner in summary table (#9442)
* ci: use environment variables in GitHub Actions for improved security (#9433)
* chore: bump Go to 1.24.7 (#9435)
* fix(nodejs): use snapshot string as `Package.ID` for pnpm packages (#9330)
* ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (#9425)
Update to version 0.66.0 (bsc#1248937, CVE-2025-58058):
* chore(deps): bump the aws group with 7 updates (#9419)
* refactor(secret): clarify secret scanner messages (#9409)
* fix(cyclonedx): handle multiple license types (#9378)
* fix(repo): sanitize git repo URL before inserting into report metadata (#9391)
* test: add HTTP basic authentication to git test server (#9407)
* fix(sbom): add support for `file` component type of `CycloneDX` (#9372)
* fix(misconf): ensure module source is known (#9404)
* ci: migrate GitHub Actions from version tags to SHA pinning (#9405)
* fix: create temp file under composite fs dir (#9387)
* chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#9403)
* refactor: switch to stable azcontainerregistry SDK package (#9319)
* chore(deps): bump the common group with 7 updates (#9382)
* refactor(misconf): migrate from custom Azure JSON parser (#9222)
* fix(repo): preserve RepoMetadata on FS cache hit (#9389)
* refactor(misconf): use atomic.Int32 (#9385)
* chore(deps): bump the aws group with 6 updates (#9383)
* docs: Fix broken link to "Built-in Checks" (#9375)
* fix(plugin): don't remove plugins when updating index.yaml file (#9358)
* fix: persistent flag option typo (#9374)
* chore(deps): bump the common group across 1 directory with 26 updates (#9347)
* fix(image): use standardized HTTP client for ECR authentication (#9322)
* refactor: export `systemFileFiltering` Post Handler (#9359)
* docs: update links to Semaphore pages (#9352)
* fix(conda): memory leak by adding closure method for `package.json` file (#9349)
* feat: add timeout handling for cache database operations (#9307)
* fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (#9296)
* fix(misconf): ensure ignore rules respect subdirectory chart paths (#9324)
* chore(deps): bump alpine from 3.21.4 to 3.22.1 (#9301)
* feat(terraform): use .terraform cache for remote modules in plan scanning (#9277)
* chore: fix some function names in comment (#9314)
* chore(deps): bump the aws group with 7 updates (#9311)
* docs: add explanation for how to use non-system certificates (#9081)
* chore(deps): bump the github-actions group across 1 directory with 2 updates (#8962)
* fix(misconf): preserve original paths of remote submodules from .terraform (#9294)
* refactor(terraform): make Scan method of Terraform plan scanner private (#9272)
* fix: suppress debug log for context cancellation errors (#9298)
* feat(secret): implement streaming secret scanner with byte offset tracking (#9264)
* fix(python): impove package name normalization (#9290)
* feat(misconf): added audit config attribute (#9249)
* refactor(misconf): decouple input fs and track extracted files with fs references (#9281)
* test(misconf): remove BenchmarkCalculate using outdated check metadata (#9291)
* refactor: simplify Detect function signature (#9280)
* ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (#9288)
* fix(fs): avoid shadowing errors in file.glob (#9286)
* test(misconf): move terraform scan tests to integration tests (#9271)
* test(misconf): drop gcp iam test covered by another case (#9285)
* chore(deps): bump to alpine from `3.21.3` to `3.21.4` (#9283)
Update to version 0.65.0:
* fix(cli): ensure correct command is picked by telemetry (#9260)
* feat(flag): add schema validation for `--server` flag (#9270)
* chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (#9274)
* ci: skip undefined labels in discussion triage action (#9175)
* feat(repo): add git repository metadata to reports (#9252)
* fix(license): handle WITH operator for `LaxSplitLicenses` (#9232)
* chore: add modernize tool integration for code modernization (#9251)
* fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (#9253)
* chore: implement process-safe temp file cleanup (#9241)
* fix: prevent graceful shutdown message on normal exit (#9244)
* fix(misconf): correctly parse empty port ranges in google_compute_firewall (#9237)
* feat: add graceful shutdown with signal handling (#9242)
* chore: update template URL for brew formula (#9221)
* test: add end-to-end testing framework with image scan and proxy tests (#9231)
* refactor(db): use `Getter` interface with `GetParams` for trivy-db sources (#9239)
* ci: specify repository for `gh cache delete` in canary worklfow (#9240)
* ci: remove invalid `--confirm` flag from `gh cache delete` command in canary builds (#9236)
* fix(misconf): fix log bucket in schema (#9235)
* chore(deps): bump the common group across 1 directory with 24 updates (#9228)
* ci: move runner.os context from job-level env to step-level in canary workflow (#9233)
* chore(deps): bump up Trivy-kubernetes to v0.9.1 (#9214)
* feat(misconf): added logging and versioning to the gcp storage bucket (#9226)
* fix(server): add HTTP transport setup to server mode (#9217)
* chore: update the rpm download Update (#9202)
* feat(alma): add AlmaLinux 10 support (#9207)
* fix(nodejs): don't use prerelease logic for compare npm constraints (#9208)
* fix(rootio): fix severity selection (#9181)
* fix(sbom): merge in-graph and out-of-graph OS packages in scan results (#9194)
* fix(cli): panic: attempt to get os.Args[1] when len(os.Args) < 2 (#9206)
* fix(misconf): correctly adapt azure storage account (#9138)
* feat(misconf): add private ip google access attribute to subnetwork (#9199)
* feat(report): add CVSS vectors in sarif report (#9157)
* fix(terraform): `for_each` on a map returns a resource for every key (#9156)
* fix: supporting .egg-info/METADATA in python.Packaging analyzer (#9151)
* chore: migrate protoc setup from Docker to buf CLI (#9184)
* ci: delete cache after artifacts upload in canary workflow (#9177)
* refactor: remove aws flag helper message (#9080)
* ci: use gh pr view to get PR number for forked repositories in auto-ready workflow (#9183)
* ci: add auto-ready-for-review workflow (#9179)
* feat(image): add Docker context resolution (#9166)
* ci: optimize golangci-lint performance with cache-based strategy (#9173)
* feat: add HTTP request/response tracing support (#9125)
* fix(aws): update amazon linux 2 EOL date (#9176)
* chore: Update release workflow to trigger version updates (#9162)
* chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 (#9164)
* fix: also check `filepath` when removing duplicate packages (#9142)
* chore: add debug log to show image source location (#9163)
* docs: add section on customizing default check data (#9114)
* chore(deps): bump the common group across 1 directory with 9 updates (#9153)
* docs: partners page content updates (#9149)
* chore(license): add missed spdx exceptions: (#9147)
* docs: trivy partners page updates (#9133)
* fix: migrate from `*.list` to `*.md5sums` files for `dpkg` (#9131)
* ci(helm): bump Trivy version to 0.64.1 for Trivy Helm Chart 0.16.1 (#9135)
* feat(sbom): add SHA-512 hash support for CycloneDX SBOM (#9126)
* fix(misconf): skip rewriting expr if attr is nil (#9113)
* fix(license): add missed `GFDL-NIV-1.1` and `GFDL-NIV-1.2` into Trivy mapping (#9116)
* fix(cli): Add more non-sensitive flags to telemetry (#9110)
* fix(alma): parse epochs from rpmqa file (#9101)
* fix(rootio): check full version to detect `root.io` packages (#9117)
* chore: drop FreeBSD 32-bit support (#9102)
* fix(sbom): use correct field for licenses in CycloneDX reports (#9057)
* fix(secret): fix line numbers for multiple-line secrets (#9104)
* feat(license): observe pkg types option in license scanner (#9091)
* ci(helm): bump Trivy version to 0.64.0 for Trivy Helm Chart 0.16.0 (#9107)
- (CVE-2025-53547, bsc#1246151)
- Update to version 0.64.1 (bsc#1243633, CVE-2025-47291,
(bsc#1246730, CVE-2025-46569):
* fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)
* fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)
* fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120)
* fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)
* docs(python): fix type with METADATA file name (#9090)
* feat: reject unsupported artifact types in remote image retrieval (#9052)
* chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088)
* refactor(misconf): rewrite Rego module filtering using functional filters (#9061)
* feat(terraform): add partial evaluation for policy templates (#8967)
* feat(vuln): add Root.io support for container image scanning (#9073)
* feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019)
* fix(cli): add some values to the telemetry call (#9056)
* feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077)
* refactor: centralize HTTP transport configuration (#9058)
* test: include integration tests in linting and fix all issues (#9060)
* chore(deps): bump the common group across 1 directory with 26 updates (#9063)
* feat(java): dereference all maven settings.xml env placeholders (#9024)
* fix(misconf): reduce log noise on incompatible check (#9029)
* fix(misconf): .Config.User always takes precedence over USER in .History (#9050)
* chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037)
* docs(misconf): simplify misconfiguration docs (#9030)
* fix(misconf): move disabled checks filtering after analyzer scan (#9002)
* docs: add PR review policy for maintainers (#9032)
* fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034)
* test: improve and extend tests for iac/adapters/arm (#9028)
* chore: bump up Go version to 1.24.4 (#9031)
* feat(cli): add version constraints to annoucements (#9023)
* fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015)
* feat(ubuntu): add eol date for 20.04-ESM (#8981)
* fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format (#8549)
* fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998)
* refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983)
* docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003)
* feat(misconf): add OpenTofu file extension support (#8747)
* refactor(misconf): set Trivy version by default in Rego scanner (#9001)
* docs: fix assets with versioning (#8996)
* docs: add partners page (#8988)
* chore(alpine): add EOL date for Alpine 3.22 (#8992)
* fix: don't show corrupted trivy-db warning for first run (#8991)
* Update installation.md (#8979)
* feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953)
* chore(k8s): update comments with deprecated command format (#8964)
* chore: fix errors and typos in docs (#8963)
* fix: Add missing version check flags (#8951)
* feat(redhat): Add EOL date for RHEL 10. (#8910)
* fix: Correctly check for semver versions for trivy version check (#8948)
* refactor(server): change custom advisory and vulnerability data types fr… (#8923)
* ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946)
* fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942)
* chore(deps): Bump trivy-checks (#8934)
* fix(julia): add `Relationship` field support (#8939)
* feat(minimos): Add support for MinimOS (#8792)
* feat(alpine): add maintainer field extraction for APK packages (#8930)
* feat(echo): Add Echo Support (#8833)
* fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924)
* fix(wolfi): support new APK database location (#8937)
* feat(k8s): get components from namespaced resources (#8918)
* refactor(cloudformation): remove unused ScanFile method from Scanner (#8927)
* refactor(terraform): remove result sorting from scanner (#8928)
* feat(misconf): Add support for `Minimum Trivy Version` (#8880)
* docs: improve skipping files documentation (#8749)
* feat(cli): Add available version checking (#8553)
* feat(nodejs): add a bun.lock analyzer (#8897)
* feat: terraform parser option to set current working directory (#8909)
* perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602)
* feat(misconf): export raw Terraform data to Rego (#8741)
* refactor(terraform): simplify AllReferences method signature in Attribute (#8906)
* fix: check post-analyzers for StaticPaths (#8904)
* feat: add Bottlerocket OS package analyzer (#8653)
* feat(license): improve work text licenses with custom classification (#8888)
* chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901)
* chore(deps): bump the common group across 1 directory with 9 updates (#8887)
* refactor(license): simplify compound license scanning (#8896)
* feat(license): Support compound licenses (licenses using SPDX operators) (#8816)
* fix(k8s): use in-memory cache backend during misconfig scanning (#8873)
* feat(nodejs): add bun.lock parser (#8851)
* feat(license): improve work with custom classification of licenses from config file (#8861)
* fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886)
* fix: julia parser panicing (#8883)
* refactor(db): change logic to detect wrong DB (#8864)
* fix(cli): don't use allow values for `--compliance` flag (#8881)
* docs(misconf): Reorganize misconfiguration scan pages (#8206)
* fix(server): add missed Relationship field for `rpc` (#8872)
* feat: add JSONC support for comments and trailing commas (#8862)
* fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858)
* feat(go): support license scanning in both GOPATH and vendor (#8843)
* fix(redhat): save contentSets for OS packages in fs/vm modes (#8820)
* fix: filter all files when processing files installed from package managers (#8842)
* feat(misconf): add misconfiguration location to junit template (#8793)
* docs(vuln): remove OSV for Python from data sources (#8841)
* chore: add an issue template for maintainers (#8838)
* chore: enable staticcheck (#8815)
* ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836)
* feat(license): scan vendor directory for license for go.mod files (#8689)
* docs(java): Update info about dev deps in gradle lock (#8830)
* chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822)
* fix(java): exclude dev dependencies in gradle lockfile (#8803)
* fix: octalLiteral from go-critic (#8811)
* fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818)
* chore(deps): bump the common group across 1 directory with 10 updates (#8817)
* fix: use-any from revive (#8810)
* fix: more revive rules (#8814)
* docs: change in java.md: fix the Trity -to-> Trivy typo (#8813)
* fix(misconf): check if for-each is known when expanding dyn block (#8808)
* ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802)
- Update to version 0.62.1 (bsc#1239225, CVE-2025-22868,
bsc#1241724, CVE-2025-22872):
* chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831)
* fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826)
* fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824)
* feat(nodejs): add root and workspace for `yarn` packages (#8535)
* fix: unused-parameter rule from revive (#8794)
* chore(deps): Update trivy-checks (#8798)
* fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796)
* fix(k8s): remove using `last-applied-configuration` (#8791)
* refactor(misconf): remove unused methods from providers (#8781)
* refactor(misconf): remove unused methods from iac types (#8782)
* fix(misconf): filter null nodes when parsing json manifest (#8785)
* fix: testifylint last issues (#8768)
* fix(misconf): perform operations on attribute safely (#8774)
* refactor(ubuntu): update time handling for fixing time (#8780)
* chore(deps): bump golangci-lint to v2.1.2 (#8766)
* feat(image): save layers metadata into report (#8394)
* feat(misconf): convert AWS managed policy to document (#8757)
* chore(deps): bump the docker group across 1 directory with 3 updates (#8762)
* ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753)
* ci(helm): create a helm branch for patches from main (#8673)
* fix(terraform): hcl object expressions to return references (#8271)
* chore(terraform): option to pass in instanced logger (#8738)
* ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740)
* chore(terraform): remove os.OpenPath call from terraform file functions (#8737)
* chore(deps): bump the common group across 1 directory with 23 updates (#8733)
* feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676)
* refactor(misconf): remove module outputs from parser.EvaluateAll (#8587)
* fix(misconf): populate context correctly for module instances (#8656)
* fix(misconf): check if metadata is not nil (#8647)
* refactor(misconf): switch to x/json (#8719)
* fix(report): clean buffer after flushing (#8725)
* ci: improve PR title validation workflow (#8720)
* refactor(flag): improve flag system architecture and extensibility (#8718)
* fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555)
* refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591)
* feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705)
* ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702)
* refactor: add hook interface for extended functionality (#8585)
* fix(misconf): add missing variable as unknown (#8683)
* docs: Update maintainer docs (#8674)
* ci(vuln): reduce github action script injection attack risk (#8610)
* fix(secret): ignore .dist-info directories during secret scanning (#8646)
* fix(server): fix redis key when trying to delete blob (#8649)
* chore(deps): bump the testcontainers group with 2 updates (#8650)
* test: use `aquasecurity` repository for test images (#8677)
* chore(deps): bump the aws group across 1 directory with 5 updates (#8652)
* fix(k8s): skip passed misconfigs for the summary report (#8684)
* fix(k8s): correct compare artifact versions (#8682)
* chore: update Docker lib (#8681)
* refactor(misconf): remove unused terraform attribute methods (#8657)
* feat(misconf): add option to pass Rego scanner to IaC scanner (#8369)
* chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643)
* docs: Add info about helm charts release (#8640)
* ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638)
Update to version 0.61.1 (bsc#1239385, CVE-2025-22869, bsc#1240466, CVE-2025-30204):
* fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748)
* fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699)
* test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698)
* fix(misconf): Improve logging for unsupported checks (#8634)
* feat(k8s): add support for controllers (#8614)
* fix(debian): don't include empty licenses for `dpkgs` (#8623)
* fix(misconf): Check values wholly prior to evalution (#8604)
* chore(deps): Bump trivy-checks (#8619)
* fix(k8s): show report for `--report all` (#8613)
* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597)
* refactor: rename scanner to service (#8584)
* fix(misconf): do not skip loading documents from subdirectories (#8526)
* refactor(misconf): get a block or attribute without calling HasChild (#8586)
* fix(misconf): identify the chart file exactly by name (#8590)
* test: use table-driven tests in Helm scanner tests (#8592)
* refactor(misconf): Simplify misconfig checks bundle parsing (#8533)
* chore(deps): bump the common group across 1 directory with 10 updates (#8566)
* fix(misconf): do not use cty.NilVal for non-nil values (#8567)
* docs(cli): improve flag value display format (#8560)
* fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548)
* docs: remove slack (#8565)
* fix: use `--file-patterns` flag for all post analyzers (#7365)
* docs(python): Mention pip-compile (#8484)
* feat(misconf): adapt aws_opensearch_domain (#8550)
* feat(misconf): adapt AWS::EC2::VPC (#8534)
* docs: fix a broken link (#8546)
* fix(fs): check postAnalyzers for StaticPaths (#8543)
* refactor(misconf): remove unused methods for ec2.Instance (#8536)
* feat(misconf): adapt aws_default_security_group (#8538)
* feat(fs): optimize scanning performance by direct file access for known paths (#8525)
* feat(misconf): adapt AWS::DynamoDB::Table (#8529)
* style: Fix MD syntax in self-hosting.md (#8523)
* perf(misconf): retrieve check metadata from annotations once (#8478)
* feat(misconf): Add support for aws_ami (#8499)
* fix(misconf): skip Azure CreateUiDefinition (#8503)
* refactor(misconf): use OPA v1 (#8518)
* fix(misconf): add ephemeral block type to config schema (#8513)
* perf(misconf): parse input for Rego once (#8483)
* feat: replace TinyGo with standard Go for WebAssembly modules (#8496)
* chore: replace deprecated tenv linter with usetesting (#8504)
* fix(spdx): save text licenses into `otherLicenses` without normalize (#8502)
* chore(deps): bump the common group across 1 directory with 13 updates (#8491)
* chore: use go.mod for managing Go tools (#8493)
* ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494)
* fix(sbom): improve logic for binding direct dependency to parent component (#8489)
* chore(deps): remove missed replace of `trivy-db` (#8492)
* chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490)
* chore(deps): update Go to 1.24 and switch to go-version-file (#8388)
* docs: add abbreviation list (#8453)
* chore(terraform): assign *terraform.Module 'parent' field (#8444)
* feat: add report summary table (#8177)
* chore(deps): bump the github-actions group with 3 updates (#8473)
* refactor(vex): improve SBOM reference handling with project standards (#8457)
* ci: update GitHub Actions cache to v4 (#8475)
* feat: add `--vuln-severity-source` flag (#8269)
* fix(os): add mapping OS aliases (#8466)
* chore(deps): bump the aws group across 1 directory with 7 updates (#8468)
* chore(deps): Bump trivy-checks to v1.7.1 (#8467)
* refactor(report): write tables after rendering all results (#8357)
* docs: update VEX documentation index page (#8458)
* fix(db): fix case when 2 trivy-db were copied at the same time (#8452)
* feat(misconf): render causes for Terraform (#8360)
* fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073)
* feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254)
* chore(deps): update go-rustaudit location (#8450)
* fix: update all documentation links (#8045)
* chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443)
* chore(deps): bump the common group with 6 updates (#8411)
* fix(k8s): add missed option `PkgRelationships` (#8442)
* fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346)
* feat(go): fix parsing main module version for go >= 1.24 (#8433)
* refactor(misconf): make Rego scanner independent of config type (#7517)
* fix(image): disable AVD-DS-0007 for history scanning (#8366)
* fix(server): secrets inspectation for the config analyzer in client server mode (#8418)
* chore: remove mockery (#8417)
* test(server): replace mock driver with memory cache in server tests (#8416)
* test: replace mock with memory cache and fix non-deterministic tests (#8410)
* test: replace mock with memory cache in scanner tests (#8413)
* test: use memory cache (#8403)
* fix(spdx): init `pkgFilePaths` map for all formats (#8380)
* chore(deps): bump the common group across 1 directory with 11 updates (#8381)
* docs: correct Ruby documentation (#8402)
* chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390)
* fix: don't use `scope` for `trivy registry login` command (#8393)
* fix(go): merge nested flags into string for ldflags for Go binaries (#8368)
* chore(terraform): export module path on terraform modules (#8374)
* fix(terraform): apply parser options to submodule parsing (#8377)
* docs: Fix typos in documentation (#8361)
* docs: fix navigate links (#8336)
* ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354)
* ci(spdx): add `aqua-installer` step to fix `mage` error (#8353)
* chore: remove debug prints (#8347)
* fix(misconf): do not log scanners when misconfig scanning is disabled (#8345)
* fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344)
* chore(deps): bump Go to `v1.23.5` (#8341)
* fix(python): add `poetry` v2 support (#8323)
* chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331)
* fix(misconf): ecs include enhanced for container insights (#8326)
* fix(sbom): preserve OS packages from multiple SBOMs (#8325)
* ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311)
* (bsc#1237618, CVE-2025-27144)
Update to version 0.59.1:
* fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349)
* chore(deps): bump Go to `v1.23.5` [backport: release/v0.59] (#8343)
* fix(python): add `poetry` v2 support [backport: release/v0.59] (#8335)
* fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59] (#8333)
Update to version 0.59.0:
* feat(image): return error early if total size of layers exceeds limit (#8294)
* chore(deps): Bump trivy-checks (#8310)
* chore(terraform): add accessors to underlying raw hcl values (#8306)
* fix: improve conversion of image config to Dockerfile (#8308)
* docs: replace short codes with Unicode emojis (#8296)
* feat(k8s): improve artifact selections for specific namespaces (#8248)
* chore: update code owners (#8303)
* fix(misconf): handle heredocs in dockerfile instructions (#8284)
* fix: de-duplicate same `dpkg` packages with different filePaths from different layers (#8298)
* chore(deps): bump the aws group with 7 updates (#8299)
* chore(deps): bump the common group with 12 updates (#8301)
* chore: enable int-conversion from perfsprint (#8194)
* feat(fs): use git commit hash as cache key for clean repositories (#8278)
* fix(spdx): use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX (#8077)
* chore: use require.ErrorContains when possible (#8291)
* feat(image): prevent scanning oversized container images (#8178)
* chore(deps): use aqua forks for `github.com/liamg/jfather` and `github.com/liamg/iamgo` (#8289)
* fix(fs): fix cache key generation to use UUID (#8275)
* fix(misconf): correctly handle all YAML tags in K8S templates (#8259)
* feat: add support for registry mirrors (#8244)
* chore(deps): bump the common group across 1 directory with 29 updates (#8261)
* refactor(license): improve license expression normalization (#8257)
* feat(misconf): support for ignoring by inline comments for Dockerfile (#8115)
* feat: add a examples field to check metadata (#8068)
* chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (#8196)
* ci: add workflow to restrict direct PRs to release branches (#8240)
* fix(suse): SUSE - update OSType constants and references for compatility (#8236)
* ci: fix path to main dir for canary builds (#8231)
* chore(secret): add reported issues related to secrets in junit template (#8193)
* refactor: use trivy-checks/pkg/specs package (#8226)
* ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170)
* fix(misconf): allow null values only for tf variables (#8112)
* feat(misconf): support for ignoring by inline comments for Helm (#8138)
* fix(redhat): check `usr/share/buildinfo/` dir to detect content sets (#8222)
* chore(alpine): add EOL date for Alpine 3.21 (#8221)
* fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207)
* fix(misconf): disable git terminal prompt on tf module load (#8026)
* chore: remove aws iam related scripts (#8179)
* docs: Updated JSON schema version 2 in the trivy documentation (#8188)
* refactor(python): use once + debug for `License acquired from METADATA...` logs (#8175)
* refactor: use slices package instead of custom function (#8172)
* chore(deps): bump the common group with 6 updates (#8162)
* feat(python): add support for uv dev and optional dependencies (#8134)
* feat(python): add support for poetry dev dependencies (#8152)
* fix(sbom): attach nested packages to Application (#8144)
* docs(vex): use debian minor version in examples (#8166)
* refactor: add generic Set implementation (#8149)
* chore(deps): bump the aws group across 1 directory with 6 updates (#8163)
* fix(python): skip dev group's deps for poetry (#8106)
* fix(sbom): use root package for `unknown` dependencies (if exists) (#8104)
* chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` (#8140)
* chore(vex): suppress CVE-2024-45338 (#8137)
* feat(python): add support for uv (#8080)
* chore(deps): bump the docker group across 1 directory with 3 updates (#8127)
* chore(deps): bump the common group across 1 directory with 14 updates (#8126)
* chore: bump go to 1.23.4 (#8123)
* test: set dummy value for NUGET_PACKAGES (#8107)
* chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` (#8105)
* chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103)
* fix: wasm module test (#8099)
* fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088)
* chore(vex): suppress CVE-2024-45337 (#8101)
* fix(license): always trim leading and trailing spaces for licenses (#8095)
* fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635)
* fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063)
* fix: enable err-error and errorf rules from perfsprint linter (#7859)
* chore(deps): bump the aws group across 1 directory with 6 updates (#8074)
* perf: avoid heap allocation in applier findPackage (#7883)
* fix: Updated twitter icon (#7772)
* docs(k8s): add a note about multi-container pods (#7815)
* feat: add `--distro` flag to manually specify OS distribution for vulnerability scanning (#8070)
* fix(oracle): add architectures support for advisories (#4809)
* fix: handle `BLOW_UNKNOWN` error to download DBs (#8060)
* feat(misconf): generate placeholders for random provider resources (#8051)
* fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052)
* fix(flag): skip hidden flags for `--generate-default-config` command (#8046)
* fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props (#8050)
* feat(nodejs): respect peer dependencies for dependency tree (#7989)
* ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038)
* fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580)
* chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029)
* fix(misconf): use log instead of fmt for logging (#8033)
* docs: add commercial content (#8030)
- Update to version 0.58.2 (
bsc#1234512, CVE-2024-45337,
bsc#1235265, CVE-2024-45338,
bsc#1232948, CVE-2024-51744):
* fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238)
* fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237)
* fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215)
* fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168)
* fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158)
* fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156)
* chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142)
* chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136)
* fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135)
* fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125)
* fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124)
* chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122)
* fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121)
* fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119)
* fix(misconf): wrap AWS EnvVar to iac types (#7407)
* chore(deps): Upgrade trivy-checks (#8018)
* refactor(misconf): Remove unused options (#7896)
* docs: add terminology page to explain Trivy concepts (#7996)
* feat: add `workspaceRelationship` (#7889)
* refactor(sbom): simplify relationship generation (#7985)
* chore: remove Go checks (#7907)
* docs: improve databases documentation (#7732)
* refactor: remove support for custom Terraform checks (#7901)
* docs: fix dead links (#7998)
* docs: drop AWS account scanning (#7997)
* fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995)
* fix(cli): Handle empty ignore files more gracefully (#7962)
* fix(misconf): load full Terraform module (#7925)
* fix(misconf): properly resolve local Terraform cache (#7983)
* refactor(k8s): add v prefix for Go packages (#7839)
* test: replace Go checks with Rego (#7867)
* feat(misconf): log causes of HCL file parsing errors (#7634)
* chore(deps): bump the aws group across 1 directory with 7 updates (#7991)
* chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990)
* chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992)
* chore: downgrade the failed block expand message to debug (#7964)
* fix(misconf): do not erase variable type for child modules (#7941)
* feat(go): construct dependencies of `go.mod` main module in the parser (#7977)
* feat(go): construct dependencies in the parser (#7973)
* feat: add cvss v4 score and vector in scan response (#7968)
* docs: add `overview` page for `others` (#7972)
* fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871)
* feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965)
* chore(deps): bump the common group with 4 updates (#7949)
* feat(oracle): add `flavors` support (#7858)
* fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953)
* chore(deps): Bump up trivy-checks to v1.3.0 (#7959)
* fix(k8s): check all results for vulnerabilities (#7946)
* ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945)
* feat(secret): Add built-in secrets rules for Private Packagist (#7826)
* docs: Fix broken links (#7900)
* docs: fix mistakes/typos (#7942)
* feat: Update registry fallbacks (#7679)
* fix(alpine): add `UID` for removed packages (#7887)
* chore(deps): bump the aws group with 6 updates (#7902)
* chore(deps): bump the common group with 6 updates (#7904)
* fix(debian): infinite loop (#7928)
* fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files (#7912)
* docs: add note about temporary podman socket (#7921)
* docs: combine trivy.dev into trivy docs (#7884)
* test: change branch in spdx schema link to check in integration tests (#7935)
* docs: add Headlamp to the Trivy Ecosystem page (#7916)
* fix(report): handle `git@github.com` schema for misconfigs in `sarif` report (#7898)
* chore(k8s): enhance k8s scan log (#6997)
* fix(terraform): set null value as fallback for missing variables (#7669)
* fix(misconf): handle null properties in CloudFormation templates (#7813)
* fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882)
* chore(deps): bump the common group across 1 directory with 20 updates (#7876)
* chore: bump containerd to v2.0.0 (#7875)
* fix: Improve version comparisons when build identifiers are present (#7873)
* feat(k8s): add default commands for unknown platform (#7863)
* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868)
* refactor(secret): optimize performance by moving ToLower operation outside loop (#7862)
* test: save `containerd` image into archive and use in tests (#7816)
* chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854)
* chore: bump golangci-lint to v1.61.0 (#7853)
Update to version 0.57.1:
* feat: Update registry fallbacks [backport: release/v0.57] (#7944)
* fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939)
* test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940)
* release: v0.57.0 [main] (#7710)
* chore: lint `errors.Join` (#7845)
* feat(db): append errors (#7843)
* docs(java): add info about supported scopes (#7842)
* docs: add example of creating whitelist of checks (#7821)
* chore(deps): Bump trivy-checks (#7819)
* fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733)
* fix(k8s): skip resources without misconfigs (#7797)
* fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811)
* fix(cli): add config name to skip-policy-update alias (#7820)
* fix(helm): properly handle multiple archived dependencies (#7782)
* refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776)
* fix(k8s)!: support k8s multi container (#7444)
* fix(k8s): support kubernetes v1.31 (#7810)
* docs: add Windows install instructions (#7800)
* ci(helm): auto public Helm chart after PR merged (#7526)
* feat: add end of life date for Ubuntu 24.10 (#7787)
* feat(report): update gitlab template to populate operating_system value (#7735)
* feat(misconf): Show misconfig ID in output (#7762)
* feat(misconf): export unresolvable field of IaC types to Rego (#7765)
* refactor(k8s): scan config files as a folder (#7690)
* fix(license): fix license normalization for Universal Permissive License (#7766)
* fix: enable usestdlibvars linter (#7770)
* fix(misconf): properly expand dynamic blocks (#7612)
* feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507)
* fix(misconf): fix for Azure Storage Account network acls adaptation (#7602)
* refactor(misconf): simplify k8s scanner (#7717)
* feat(parser): ignore white space in pom.xml files (#7747)
* test: use forked images (#7755)
* fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541)
* fix(misconf): check if property is not nil before conversion (#7578)
* fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577)
* feat(misconf): ssl_mode support for GCP SQL DB instance (#7564)
* test: define constants for test images (#7739)
* docs: add note about disabled DS016 check (#7724)
* feat(misconf): public network support for Azure Storage Account (#7601)
* feat(cli): rename `trivy auth` to `trivy registry` (#7727)
* docs: apt-transport-https is a transitional package (#7678)
* refactor(misconf): introduce generic scanner (#7515)
* fix(cli): `clean --all` deletes only relevant dirs (#7704)
* feat(cli): add `trivy auth` (#7664)
* fix(sbom): add options for DBs in private registries (#7660)
* docs(report): fix reporting doc format (#7671)
* fix(repo): `git clone` output to Stderr (#7561)
* fix(redhat): include arch in PURL qualifiers (#7654)
* fix(report): Fix invalid URI in SARIF report (#7645)
* docs(report): Improve SARIF reporting doc (#7655)
* fix(db): fix javadb downloading error handling (#7642)
* feat(cli): error out when ignore file cannot be found (#7624)
Update to version 0.56.2:
* fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702)
* fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)
- Update to version 0.51.1 (bsc#1227010, CVE-2024-3817):
Patchnames: openSUSE-Leap-16.0-packagehub-33
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
67 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for trivy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for trivy fixes the following issues:\n\nChanges in trivy:\n\nUpdate to version 0.67.2 (bsc#1250625, CVE-2025-11065, bsc#1248897, CVE-2025-58058):\n\n * fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow [backport: release/v0.67] (#9638)\n * fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#9631)\n * fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#9629)\n * fix: add `buildInfo` for `BlobInfo` in `rpc` package [backport: release/v0.67] (#9615)\n * fix(vex): don\u0027t use reused BOM [backport: release/v0.67] (#9612)\n * fix(vex): don\u0027t suppress vulns for packages with infinity loop (#9465)\n * fix(aws): use `BuildableClient` insead of `xhttp.Client` (#9436)\n * refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (#9282)\n * docs: clarify inline ignore limitations for resource-less checks (#9537)\n * fix(k8s): disable parallel traversal with fs cache for k8s images (#9534)\n * fix(misconf): handle tofu files in module detection (#9486)\n * feat(seal): add seal support (#9370)\n * docs: fix modules path and update code example (#9539)\n * fix: close file descriptors and pipes on error paths (#9536)\n * feat: add documentation URL for database lock errors (#9531)\n * fix(db): Dowload database when missing but metadata still exists (#9393)\n * feat(cloudformation): support default values and list results in Fn::FindInMap (#9515)\n * fix(misconf): unmark cty values before access (#9495)\n * feat(cli): change --list-all-pkgs default to true (#9510)\n * fix(nodejs): parse workspaces as objects for package-lock.json files (#9518)\n * refactor(fs): use underlyingPath to determine virtual files more reliably (#9302)\n * refactor: remove google/wire dependency and implement manual DI (#9509)\n * chore(deps): bump the aws group with 6 updates (#9481)\n * chore(deps): bump the common group across 1 directory with 24 updates (#9507)\n * fix(misconf): wrap legacy ENV values in quotes to preserve spaces (#9497)\n * docs: move info about `detection priority` into coverage section (#9469)\n * feat(sbom): added support for CoreOS (#9448)\n * fix(misconf): strip build metadata suffixes from image history (#9498)\n * feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439)\n * docs: Fix typo in terraform docs (#9492)\n * feat(redhat): add os-release detection for RHEL-based images (#9458)\n * ci(deps): add 3-day cooldown period for Dependabot updates (#9475)\n * refactor: migrate from go-json-experiment to encoding/json/v2 (#9422)\n * fix(vuln): compare `nuget` package names in lower case (#9456)\n * chore: Update release flow to include chocolatey (#9460)\n * docs: document eol supportability (#9434)\n * docs(report): add nuanses about secret/license scanner in summary table (#9442)\n * ci: use environment variables in GitHub Actions for improved security (#9433)\n * chore: bump Go to 1.24.7 (#9435)\n * fix(nodejs): use snapshot string as `Package.ID` for pnpm packages (#9330)\n * ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (#9425)\n\nUpdate to version 0.66.0 (bsc#1248937, CVE-2025-58058):\n\n * chore(deps): bump the aws group with 7 updates (#9419)\n * refactor(secret): clarify secret scanner messages (#9409)\n * fix(cyclonedx): handle multiple license types (#9378)\n * fix(repo): sanitize git repo URL before inserting into report metadata (#9391)\n * test: add HTTP basic authentication to git test server (#9407)\n * fix(sbom): add support for `file` component type of `CycloneDX` (#9372)\n * fix(misconf): ensure module source is known (#9404)\n * ci: migrate GitHub Actions from version tags to SHA pinning (#9405)\n * fix: create temp file under composite fs dir (#9387)\n * chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#9403)\n * refactor: switch to stable azcontainerregistry SDK package (#9319)\n * chore(deps): bump the common group with 7 updates (#9382)\n * refactor(misconf): migrate from custom Azure JSON parser (#9222)\n * fix(repo): preserve RepoMetadata on FS cache hit (#9389)\n * refactor(misconf): use atomic.Int32 (#9385)\n * chore(deps): bump the aws group with 6 updates (#9383)\n * docs: Fix broken link to \"Built-in Checks\" (#9375)\n * fix(plugin): don\u0027t remove plugins when updating index.yaml file (#9358)\n * fix: persistent flag option typo (#9374)\n * chore(deps): bump the common group across 1 directory with 26 updates (#9347)\n * fix(image): use standardized HTTP client for ECR authentication (#9322)\n * refactor: export `systemFileFiltering` Post Handler (#9359)\n * docs: update links to Semaphore pages (#9352)\n * fix(conda): memory leak by adding closure method for `package.json` file (#9349)\n * feat: add timeout handling for cache database operations (#9307)\n * fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (#9296)\n * fix(misconf): ensure ignore rules respect subdirectory chart paths (#9324)\n * chore(deps): bump alpine from 3.21.4 to 3.22.1 (#9301)\n * feat(terraform): use .terraform cache for remote modules in plan scanning (#9277)\n * chore: fix some function names in comment (#9314)\n * chore(deps): bump the aws group with 7 updates (#9311)\n * docs: add explanation for how to use non-system certificates (#9081)\n * chore(deps): bump the github-actions group across 1 directory with 2 updates (#8962)\n * fix(misconf): preserve original paths of remote submodules from .terraform (#9294)\n * refactor(terraform): make Scan method of Terraform plan scanner private (#9272)\n * fix: suppress debug log for context cancellation errors (#9298)\n * feat(secret): implement streaming secret scanner with byte offset tracking (#9264)\n * fix(python): impove package name normalization (#9290)\n * feat(misconf): added audit config attribute (#9249)\n * refactor(misconf): decouple input fs and track extracted files with fs references (#9281)\n * test(misconf): remove BenchmarkCalculate using outdated check metadata (#9291)\n * refactor: simplify Detect function signature (#9280)\n * ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (#9288)\n * fix(fs): avoid shadowing errors in file.glob (#9286)\n * test(misconf): move terraform scan tests to integration tests (#9271)\n * test(misconf): drop gcp iam test covered by another case (#9285)\n * chore(deps): bump to alpine from `3.21.3` to `3.21.4` (#9283)\n\nUpdate to version 0.65.0:\n\n * fix(cli): ensure correct command is picked by telemetry (#9260)\n * feat(flag): add schema validation for `--server` flag (#9270)\n * chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (#9274)\n * ci: skip undefined labels in discussion triage action (#9175)\n * feat(repo): add git repository metadata to reports (#9252)\n * fix(license): handle WITH operator for `LaxSplitLicenses` (#9232)\n * chore: add modernize tool integration for code modernization (#9251)\n * fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (#9253)\n * chore: implement process-safe temp file cleanup (#9241)\n * fix: prevent graceful shutdown message on normal exit (#9244)\n * fix(misconf): correctly parse empty port ranges in google_compute_firewall (#9237)\n * feat: add graceful shutdown with signal handling (#9242)\n * chore: update template URL for brew formula (#9221)\n * test: add end-to-end testing framework with image scan and proxy tests (#9231)\n * refactor(db): use `Getter` interface with `GetParams` for trivy-db sources (#9239)\n * ci: specify repository for `gh cache delete` in canary worklfow (#9240)\n * ci: remove invalid `--confirm` flag from `gh cache delete` command in canary builds (#9236)\n * fix(misconf): fix log bucket in schema (#9235)\n * chore(deps): bump the common group across 1 directory with 24 updates (#9228)\n * ci: move runner.os context from job-level env to step-level in canary workflow (#9233)\n * chore(deps): bump up Trivy-kubernetes to v0.9.1 (#9214)\n * feat(misconf): added logging and versioning to the gcp storage bucket (#9226)\n * fix(server): add HTTP transport setup to server mode (#9217)\n * chore: update the rpm download Update (#9202)\n * feat(alma): add AlmaLinux 10 support (#9207)\n * fix(nodejs): don\u0027t use prerelease logic for compare npm constraints (#9208)\n * fix(rootio): fix severity selection (#9181)\n * fix(sbom): merge in-graph and out-of-graph OS packages in scan results (#9194)\n * fix(cli): panic: attempt to get os.Args[1] when len(os.Args) \u003c 2 (#9206)\n * fix(misconf): correctly adapt azure storage account (#9138)\n * feat(misconf): add private ip google access attribute to subnetwork (#9199)\n * feat(report): add CVSS vectors in sarif report (#9157)\n * fix(terraform): `for_each` on a map returns a resource for every key (#9156)\n * fix: supporting .egg-info/METADATA in python.Packaging analyzer (#9151)\n * chore: migrate protoc setup from Docker to buf CLI (#9184)\n * ci: delete cache after artifacts upload in canary workflow (#9177)\n * refactor: remove aws flag helper message (#9080)\n * ci: use gh pr view to get PR number for forked repositories in auto-ready workflow (#9183)\n * ci: add auto-ready-for-review workflow (#9179)\n * feat(image): add Docker context resolution (#9166)\n * ci: optimize golangci-lint performance with cache-based strategy (#9173)\n * feat: add HTTP request/response tracing support (#9125)\n * fix(aws): update amazon linux 2 EOL date (#9176)\n * chore: Update release workflow to trigger version updates (#9162)\n * chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 (#9164)\n * fix: also check `filepath` when removing duplicate packages (#9142)\n * chore: add debug log to show image source location (#9163)\n * docs: add section on customizing default check data (#9114)\n * chore(deps): bump the common group across 1 directory with 9 updates (#9153)\n * docs: partners page content updates (#9149)\n * chore(license): add missed spdx exceptions: (#9147)\n * docs: trivy partners page updates (#9133)\n * fix: migrate from `*.list` to `*.md5sums` files for `dpkg` (#9131)\n * ci(helm): bump Trivy version to 0.64.1 for Trivy Helm Chart 0.16.1 (#9135)\n * feat(sbom): add SHA-512 hash support for CycloneDX SBOM (#9126)\n * fix(misconf): skip rewriting expr if attr is nil (#9113)\n * fix(license): add missed `GFDL-NIV-1.1` and `GFDL-NIV-1.2` into Trivy mapping (#9116)\n * fix(cli): Add more non-sensitive flags to telemetry (#9110)\n * fix(alma): parse epochs from rpmqa file (#9101)\n * fix(rootio): check full version to detect `root.io` packages (#9117)\n * chore: drop FreeBSD 32-bit support (#9102)\n * fix(sbom): use correct field for licenses in CycloneDX reports (#9057)\n * fix(secret): fix line numbers for multiple-line secrets (#9104)\n * feat(license): observe pkg types option in license scanner (#9091)\n * ci(helm): bump Trivy version to 0.64.0 for Trivy Helm Chart 0.16.0 (#9107)\n- (CVE-2025-53547, bsc#1246151)\n\n- Update to version 0.64.1 (bsc#1243633, CVE-2025-47291,\n (bsc#1246730, CVE-2025-46569):\n\n * fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)\n * fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)\n * fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120)\n * fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)\n * docs(python): fix type with METADATA file name (#9090)\n * feat: reject unsupported artifact types in remote image retrieval (#9052)\n * chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088)\n * refactor(misconf): rewrite Rego module filtering using functional filters (#9061)\n * feat(terraform): add partial evaluation for policy templates (#8967)\n * feat(vuln): add Root.io support for container image scanning (#9073)\n * feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019)\n * fix(cli): add some values to the telemetry call (#9056)\n * feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077)\n * refactor: centralize HTTP transport configuration (#9058)\n * test: include integration tests in linting and fix all issues (#9060)\n * chore(deps): bump the common group across 1 directory with 26 updates (#9063)\n * feat(java): dereference all maven settings.xml env placeholders (#9024)\n * fix(misconf): reduce log noise on incompatible check (#9029)\n * fix(misconf): .Config.User always takes precedence over USER in .History (#9050)\n * chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037)\n * docs(misconf): simplify misconfiguration docs (#9030)\n * fix(misconf): move disabled checks filtering after analyzer scan (#9002)\n * docs: add PR review policy for maintainers (#9032)\n * fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034)\n * test: improve and extend tests for iac/adapters/arm (#9028)\n * chore: bump up Go version to 1.24.4 (#9031)\n * feat(cli): add version constraints to annoucements (#9023)\n * fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015)\n * feat(ubuntu): add eol date for 20.04-ESM (#8981)\n * fix(report): don\u0027t panic when report contains vulns, but doesn\u0027t contain packages for `table` format (#8549)\n * fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998)\n * refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983)\n * docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003)\n * feat(misconf): add OpenTofu file extension support (#8747)\n * refactor(misconf): set Trivy version by default in Rego scanner (#9001)\n * docs: fix assets with versioning (#8996)\n * docs: add partners page (#8988)\n * chore(alpine): add EOL date for Alpine 3.22 (#8992)\n * fix: don\u0027t show corrupted trivy-db warning for first run (#8991)\n * Update installation.md (#8979)\n * feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953)\n * chore(k8s): update comments with deprecated command format (#8964)\n * chore: fix errors and typos in docs (#8963)\n * fix: Add missing version check flags (#8951)\n * feat(redhat): Add EOL date for RHEL 10. (#8910)\n * fix: Correctly check for semver versions for trivy version check (#8948)\n * refactor(server): change custom advisory and vulnerability data types fr\u2026 (#8923)\n * ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946)\n * fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942)\n * chore(deps): Bump trivy-checks (#8934)\n * fix(julia): add `Relationship` field support (#8939)\n * feat(minimos): Add support for MinimOS (#8792)\n * feat(alpine): add maintainer field extraction for APK packages (#8930)\n * feat(echo): Add Echo Support (#8833)\n * fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924)\n * fix(wolfi): support new APK database location (#8937)\n * feat(k8s): get components from namespaced resources (#8918)\n * refactor(cloudformation): remove unused ScanFile method from Scanner (#8927)\n * refactor(terraform): remove result sorting from scanner (#8928)\n * feat(misconf): Add support for `Minimum Trivy Version` (#8880)\n * docs: improve skipping files documentation (#8749)\n * feat(cli): Add available version checking (#8553)\n * feat(nodejs): add a bun.lock analyzer (#8897)\n * feat: terraform parser option to set current working directory (#8909)\n * perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602)\n * feat(misconf): export raw Terraform data to Rego (#8741)\n * refactor(terraform): simplify AllReferences method signature in Attribute (#8906)\n * fix: check post-analyzers for StaticPaths (#8904)\n * feat: add Bottlerocket OS package analyzer (#8653)\n * feat(license): improve work text licenses with custom classification (#8888)\n * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901)\n * chore(deps): bump the common group across 1 directory with 9 updates (#8887)\n * refactor(license): simplify compound license scanning (#8896)\n * feat(license): Support compound licenses (licenses using SPDX operators) (#8816)\n * fix(k8s): use in-memory cache backend during misconfig scanning (#8873)\n * feat(nodejs): add bun.lock parser (#8851)\n * feat(license): improve work with custom classification of licenses from config file (#8861)\n * fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886)\n * fix: julia parser panicing (#8883)\n * refactor(db): change logic to detect wrong DB (#8864)\n * fix(cli): don\u0027t use allow values for `--compliance` flag (#8881)\n * docs(misconf): Reorganize misconfiguration scan pages (#8206)\n * fix(server): add missed Relationship field for `rpc` (#8872)\n * feat: add JSONC support for comments and trailing commas (#8862)\n * fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858)\n * feat(go): support license scanning in both GOPATH and vendor (#8843)\n * fix(redhat): save contentSets for OS packages in fs/vm modes (#8820)\n * fix: filter all files when processing files installed from package managers (#8842)\n * feat(misconf): add misconfiguration location to junit template (#8793)\n * docs(vuln): remove OSV for Python from data sources (#8841)\n * chore: add an issue template for maintainers (#8838)\n * chore: enable staticcheck (#8815)\n * ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836)\n * feat(license): scan vendor directory for license for go.mod files (#8689)\n * docs(java): Update info about dev deps in gradle lock (#8830)\n * chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822)\n * fix(java): exclude dev dependencies in gradle lockfile (#8803)\n * fix: octalLiteral from go-critic (#8811)\n * fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818)\n * chore(deps): bump the common group across 1 directory with 10 updates (#8817)\n * fix: use-any from revive (#8810)\n * fix: more revive rules (#8814)\n * docs: change in java.md: fix the Trity -to-\u003e Trivy typo (#8813)\n * fix(misconf): check if for-each is known when expanding dyn block (#8808)\n * ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802)\n\n- Update to version 0.62.1 (bsc#1239225, CVE-2025-22868,\n bsc#1241724, CVE-2025-22872):\n\n * chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831)\n * fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826)\n * fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824)\n * feat(nodejs): add root and workspace for `yarn` packages (#8535)\n * fix: unused-parameter rule from revive (#8794)\n * chore(deps): Update trivy-checks (#8798)\n * fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796)\n * fix(k8s): remove using `last-applied-configuration` (#8791)\n * refactor(misconf): remove unused methods from providers (#8781)\n * refactor(misconf): remove unused methods from iac types (#8782)\n * fix(misconf): filter null nodes when parsing json manifest (#8785)\n * fix: testifylint last issues (#8768)\n * fix(misconf): perform operations on attribute safely (#8774)\n * refactor(ubuntu): update time handling for fixing time (#8780)\n * chore(deps): bump golangci-lint to v2.1.2 (#8766)\n * feat(image): save layers metadata into report (#8394)\n * feat(misconf): convert AWS managed policy to document (#8757)\n * chore(deps): bump the docker group across 1 directory with 3 updates (#8762)\n * ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753)\n * ci(helm): create a helm branch for patches from main (#8673)\n * fix(terraform): hcl object expressions to return references (#8271)\n * chore(terraform): option to pass in instanced logger (#8738)\n * ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740)\n * chore(terraform): remove os.OpenPath call from terraform file functions (#8737)\n * chore(deps): bump the common group across 1 directory with 23 updates (#8733)\n * feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676)\n * refactor(misconf): remove module outputs from parser.EvaluateAll (#8587)\n * fix(misconf): populate context correctly for module instances (#8656)\n * fix(misconf): check if metadata is not nil (#8647)\n * refactor(misconf): switch to x/json (#8719)\n * fix(report): clean buffer after flushing (#8725)\n * ci: improve PR title validation workflow (#8720)\n * refactor(flag): improve flag system architecture and extensibility (#8718)\n * fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555)\n * refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591)\n * feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705)\n * ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702)\n * refactor: add hook interface for extended functionality (#8585)\n * fix(misconf): add missing variable as unknown (#8683)\n * docs: Update maintainer docs (#8674)\n * ci(vuln): reduce github action script injection attack risk (#8610)\n * fix(secret): ignore .dist-info directories during secret scanning (#8646)\n * fix(server): fix redis key when trying to delete blob (#8649)\n * chore(deps): bump the testcontainers group with 2 updates (#8650)\n * test: use `aquasecurity` repository for test images (#8677)\n * chore(deps): bump the aws group across 1 directory with 5 updates (#8652)\n * fix(k8s): skip passed misconfigs for the summary report (#8684)\n * fix(k8s): correct compare artifact versions (#8682)\n * chore: update Docker lib (#8681)\n * refactor(misconf): remove unused terraform attribute methods (#8657)\n * feat(misconf): add option to pass Rego scanner to IaC scanner (#8369)\n * chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643)\n * docs: Add info about helm charts release (#8640)\n * ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638)\n\nUpdate to version 0.61.1 (bsc#1239385, CVE-2025-22869, bsc#1240466, CVE-2025-30204):\n\n * fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748)\n * fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699)\n * test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698)\n * fix(misconf): Improve logging for unsupported checks (#8634)\n * feat(k8s): add support for controllers (#8614)\n * fix(debian): don\u0027t include empty licenses for `dpkgs` (#8623)\n * fix(misconf): Check values wholly prior to evalution (#8604)\n * chore(deps): Bump trivy-checks (#8619)\n * fix(k8s): show report for `--report all` (#8613)\n * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597)\n * refactor: rename scanner to service (#8584)\n * fix(misconf): do not skip loading documents from subdirectories (#8526)\n * refactor(misconf): get a block or attribute without calling HasChild (#8586)\n * fix(misconf): identify the chart file exactly by name (#8590)\n * test: use table-driven tests in Helm scanner tests (#8592)\n * refactor(misconf): Simplify misconfig checks bundle parsing (#8533)\n * chore(deps): bump the common group across 1 directory with 10 updates (#8566)\n * fix(misconf): do not use cty.NilVal for non-nil values (#8567)\n * docs(cli): improve flag value display format (#8560)\n * fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548)\n * docs: remove slack (#8565)\n * fix: use `--file-patterns` flag for all post analyzers (#7365)\n * docs(python): Mention pip-compile (#8484)\n * feat(misconf): adapt aws_opensearch_domain (#8550)\n * feat(misconf): adapt AWS::EC2::VPC (#8534)\n * docs: fix a broken link (#8546)\n * fix(fs): check postAnalyzers for StaticPaths (#8543)\n * refactor(misconf): remove unused methods for ec2.Instance (#8536)\n * feat(misconf): adapt aws_default_security_group (#8538)\n * feat(fs): optimize scanning performance by direct file access for known paths (#8525)\n * feat(misconf): adapt AWS::DynamoDB::Table (#8529)\n * style: Fix MD syntax in self-hosting.md (#8523)\n * perf(misconf): retrieve check metadata from annotations once (#8478)\n * feat(misconf): Add support for aws_ami (#8499)\n * fix(misconf): skip Azure CreateUiDefinition (#8503)\n * refactor(misconf): use OPA v1 (#8518)\n * fix(misconf): add ephemeral block type to config schema (#8513)\n * perf(misconf): parse input for Rego once (#8483)\n * feat: replace TinyGo with standard Go for WebAssembly modules (#8496)\n * chore: replace deprecated tenv linter with usetesting (#8504)\n * fix(spdx): save text licenses into `otherLicenses` without normalize (#8502)\n * chore(deps): bump the common group across 1 directory with 13 updates (#8491)\n * chore: use go.mod for managing Go tools (#8493)\n * ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494)\n * fix(sbom): improve logic for binding direct dependency to parent component (#8489)\n * chore(deps): remove missed replace of `trivy-db` (#8492)\n * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490)\n * chore(deps): update Go to 1.24 and switch to go-version-file (#8388)\n * docs: add abbreviation list (#8453)\n * chore(terraform): assign *terraform.Module \u0027parent\u0027 field (#8444)\n * feat: add report summary table (#8177)\n * chore(deps): bump the github-actions group with 3 updates (#8473)\n * refactor(vex): improve SBOM reference handling with project standards (#8457)\n * ci: update GitHub Actions cache to v4 (#8475)\n * feat: add `--vuln-severity-source` flag (#8269)\n * fix(os): add mapping OS aliases (#8466)\n * chore(deps): bump the aws group across 1 directory with 7 updates (#8468)\n * chore(deps): Bump trivy-checks to v1.7.1 (#8467)\n * refactor(report): write tables after rendering all results (#8357)\n * docs: update VEX documentation index page (#8458)\n * fix(db): fix case when 2 trivy-db were copied at the same time (#8452)\n * feat(misconf): render causes for Terraform (#8360)\n * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073)\n * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254)\n * chore(deps): update go-rustaudit location (#8450)\n * fix: update all documentation links (#8045)\n * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443)\n * chore(deps): bump the common group with 6 updates (#8411)\n * fix(k8s): add missed option `PkgRelationships` (#8442)\n * fix(sbom): add SBOM file\u0027s filePath as Application FilePath if we can\u0027t detect its path (#8346)\n * feat(go): fix parsing main module version for go \u003e= 1.24 (#8433)\n * refactor(misconf): make Rego scanner independent of config type (#7517)\n * fix(image): disable AVD-DS-0007 for history scanning (#8366)\n * fix(server): secrets inspectation for the config analyzer in client server mode (#8418)\n * chore: remove mockery (#8417)\n * test(server): replace mock driver with memory cache in server tests (#8416)\n * test: replace mock with memory cache and fix non-deterministic tests (#8410)\n * test: replace mock with memory cache in scanner tests (#8413)\n * test: use memory cache (#8403)\n * fix(spdx): init `pkgFilePaths` map for all formats (#8380)\n * chore(deps): bump the common group across 1 directory with 11 updates (#8381)\n * docs: correct Ruby documentation (#8402)\n * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390)\n * fix: don\u0027t use `scope` for `trivy registry login` command (#8393)\n * fix(go): merge nested flags into string for ldflags for Go binaries (#8368)\n * chore(terraform): export module path on terraform modules (#8374)\n * fix(terraform): apply parser options to submodule parsing (#8377)\n * docs: Fix typos in documentation (#8361)\n * docs: fix navigate links (#8336)\n * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354)\n * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353)\n * chore: remove debug prints (#8347)\n * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345)\n * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344)\n * chore(deps): bump Go to `v1.23.5` (#8341)\n * fix(python): add `poetry` v2 support (#8323)\n * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331)\n * fix(misconf): ecs include enhanced for container insights (#8326)\n * fix(sbom): preserve OS packages from multiple SBOMs (#8325)\n * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311)\n * (bsc#1237618, CVE-2025-27144)\n\nUpdate to version 0.59.1:\n\n * fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349)\n * chore(deps): bump Go to `v1.23.5` [backport: release/v0.59] (#8343)\n * fix(python): add `poetry` v2 support [backport: release/v0.59] (#8335)\n * fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59] (#8333)\n\nUpdate to version 0.59.0:\n\n * feat(image): return error early if total size of layers exceeds limit (#8294)\n * chore(deps): Bump trivy-checks (#8310)\n * chore(terraform): add accessors to underlying raw hcl values (#8306)\n * fix: improve conversion of image config to Dockerfile (#8308)\n * docs: replace short codes with Unicode emojis (#8296)\n * feat(k8s): improve artifact selections for specific namespaces (#8248)\n * chore: update code owners (#8303)\n * fix(misconf): handle heredocs in dockerfile instructions (#8284)\n * fix: de-duplicate same `dpkg` packages with different filePaths from different layers (#8298)\n * chore(deps): bump the aws group with 7 updates (#8299)\n * chore(deps): bump the common group with 12 updates (#8301)\n * chore: enable int-conversion from perfsprint (#8194)\n * feat(fs): use git commit hash as cache key for clean repositories (#8278)\n * fix(spdx): use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX (#8077)\n * chore: use require.ErrorContains when possible (#8291)\n * feat(image): prevent scanning oversized container images (#8178)\n * chore(deps): use aqua forks for `github.com/liamg/jfather` and `github.com/liamg/iamgo` (#8289)\n * fix(fs): fix cache key generation to use UUID (#8275)\n * fix(misconf): correctly handle all YAML tags in K8S templates (#8259)\n * feat: add support for registry mirrors (#8244)\n * chore(deps): bump the common group across 1 directory with 29 updates (#8261)\n * refactor(license): improve license expression normalization (#8257)\n * feat(misconf): support for ignoring by inline comments for Dockerfile (#8115)\n * feat: add a examples field to check metadata (#8068)\n * chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (#8196)\n * ci: add workflow to restrict direct PRs to release branches (#8240)\n * fix(suse): SUSE - update OSType constants and references for compatility (#8236)\n * ci: fix path to main dir for canary builds (#8231)\n * chore(secret): add reported issues related to secrets in junit template (#8193)\n * refactor: use trivy-checks/pkg/specs package (#8226)\n * ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170)\n * fix(misconf): allow null values only for tf variables (#8112)\n * feat(misconf): support for ignoring by inline comments for Helm (#8138)\n * fix(redhat): check `usr/share/buildinfo/` dir to detect content sets (#8222)\n * chore(alpine): add EOL date for Alpine 3.21 (#8221)\n * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207)\n * fix(misconf): disable git terminal prompt on tf module load (#8026)\n * chore: remove aws iam related scripts (#8179)\n * docs: Updated JSON schema version 2 in the trivy documentation (#8188)\n * refactor(python): use once + debug for `License acquired from METADATA...` logs (#8175)\n * refactor: use slices package instead of custom function (#8172)\n * chore(deps): bump the common group with 6 updates (#8162)\n * feat(python): add support for uv dev and optional dependencies (#8134)\n * feat(python): add support for poetry dev dependencies (#8152)\n * fix(sbom): attach nested packages to Application (#8144)\n * docs(vex): use debian minor version in examples (#8166)\n * refactor: add generic Set implementation (#8149)\n * chore(deps): bump the aws group across 1 directory with 6 updates (#8163)\n * fix(python): skip dev group\u0027s deps for poetry (#8106)\n * fix(sbom): use root package for `unknown` dependencies (if exists) (#8104)\n * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` (#8140)\n * chore(vex): suppress CVE-2024-45338 (#8137)\n * feat(python): add support for uv (#8080)\n * chore(deps): bump the docker group across 1 directory with 3 updates (#8127)\n * chore(deps): bump the common group across 1 directory with 14 updates (#8126)\n * chore: bump go to 1.23.4 (#8123)\n * test: set dummy value for NUGET_PACKAGES (#8107)\n * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` (#8105)\n * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103)\n * fix: wasm module test (#8099)\n * fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088)\n * chore(vex): suppress CVE-2024-45337 (#8101)\n * fix(license): always trim leading and trailing spaces for licenses (#8095)\n * fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635)\n * fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063)\n * fix: enable err-error and errorf rules from perfsprint linter (#7859)\n * chore(deps): bump the aws group across 1 directory with 6 updates (#8074)\n * perf: avoid heap allocation in applier findPackage (#7883)\n * fix: Updated twitter icon (#7772)\n * docs(k8s): add a note about multi-container pods (#7815)\n * feat: add `--distro` flag to manually specify OS distribution for vulnerability scanning (#8070)\n * fix(oracle): add architectures support for advisories (#4809)\n * fix: handle `BLOW_UNKNOWN` error to download DBs (#8060)\n * feat(misconf): generate placeholders for random provider resources (#8051)\n * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052)\n * fix(flag): skip hidden flags for `--generate-default-config` command (#8046)\n * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props (#8050)\n * feat(nodejs): respect peer dependencies for dependency tree (#7989)\n * ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038)\n * fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580)\n * chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029)\n * fix(misconf): use log instead of fmt for logging (#8033)\n * docs: add commercial content (#8030)\n\n- Update to version 0.58.2 (\n bsc#1234512, CVE-2024-45337,\n bsc#1235265, CVE-2024-45338,\n bsc#1232948, CVE-2024-51744):\n\n * fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238)\n * fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237)\n * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215)\n * fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168)\n * fix(python): skip dev group\u0027s deps for poetry [backport: release/v0.58] (#8158)\n * fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156)\n * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142)\n * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136)\n * fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135)\n * fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125)\n * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124)\n * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122)\n * fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121)\n * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119)\n * fix(misconf): wrap AWS EnvVar to iac types (#7407)\n * chore(deps): Upgrade trivy-checks (#8018)\n * refactor(misconf): Remove unused options (#7896)\n * docs: add terminology page to explain Trivy concepts (#7996)\n * feat: add `workspaceRelationship` (#7889)\n * refactor(sbom): simplify relationship generation (#7985)\n * chore: remove Go checks (#7907)\n * docs: improve databases documentation (#7732)\n * refactor: remove support for custom Terraform checks (#7901)\n * docs: fix dead links (#7998)\n * docs: drop AWS account scanning (#7997)\n * fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995)\n * fix(cli): Handle empty ignore files more gracefully (#7962)\n * fix(misconf): load full Terraform module (#7925)\n * fix(misconf): properly resolve local Terraform cache (#7983)\n * refactor(k8s): add v prefix for Go packages (#7839)\n * test: replace Go checks with Rego (#7867)\n * feat(misconf): log causes of HCL file parsing errors (#7634)\n * chore(deps): bump the aws group across 1 directory with 7 updates (#7991)\n * chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990)\n * chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992)\n * chore: downgrade the failed block expand message to debug (#7964)\n * fix(misconf): do not erase variable type for child modules (#7941)\n * feat(go): construct dependencies of `go.mod` main module in the parser (#7977)\n * feat(go): construct dependencies in the parser (#7973)\n * feat: add cvss v4 score and vector in scan response (#7968)\n * docs: add `overview` page for `others` (#7972)\n * fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871)\n * feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965)\n * chore(deps): bump the common group with 4 updates (#7949)\n * feat(oracle): add `flavors` support (#7858)\n * fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953)\n * chore(deps): Bump up trivy-checks to v1.3.0 (#7959)\n * fix(k8s): check all results for vulnerabilities (#7946)\n * ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945)\n * feat(secret): Add built-in secrets rules for Private Packagist (#7826)\n * docs: Fix broken links (#7900)\n * docs: fix mistakes/typos (#7942)\n * feat: Update registry fallbacks (#7679)\n * fix(alpine): add `UID` for removed packages (#7887)\n * chore(deps): bump the aws group with 6 updates (#7902)\n * chore(deps): bump the common group with 6 updates (#7904)\n * fix(debian): infinite loop (#7928)\n * fix(redhat): don\u0027t return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files (#7912)\n * docs: add note about temporary podman socket (#7921)\n * docs: combine trivy.dev into trivy docs (#7884)\n * test: change branch in spdx schema link to check in integration tests (#7935)\n * docs: add Headlamp to the Trivy Ecosystem page (#7916)\n * fix(report): handle `git@github.com` schema for misconfigs in `sarif` report (#7898)\n * chore(k8s): enhance k8s scan log (#6997)\n * fix(terraform): set null value as fallback for missing variables (#7669)\n * fix(misconf): handle null properties in CloudFormation templates (#7813)\n * fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882)\n * chore(deps): bump the common group across 1 directory with 20 updates (#7876)\n * chore: bump containerd to v2.0.0 (#7875)\n * fix: Improve version comparisons when build identifiers are present (#7873)\n * feat(k8s): add default commands for unknown platform (#7863)\n * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868)\n * refactor(secret): optimize performance by moving ToLower operation outside loop (#7862)\n * test: save `containerd` image into archive and use in tests (#7816)\n * chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854)\n * chore: bump golangci-lint to v1.61.0 (#7853)\n\nUpdate to version 0.57.1:\n\n * feat: Update registry fallbacks [backport: release/v0.57] (#7944)\n * fix(redhat): don\u0027t return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939)\n * test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940)\n * release: v0.57.0 [main] (#7710)\n * chore: lint `errors.Join` (#7845)\n * feat(db): append errors (#7843)\n * docs(java): add info about supported scopes (#7842)\n * docs: add example of creating whitelist of checks (#7821)\n * chore(deps): Bump trivy-checks (#7819)\n * fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733)\n * fix(k8s): skip resources without misconfigs (#7797)\n * fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811)\n * fix(cli): add config name to skip-policy-update alias (#7820)\n * fix(helm): properly handle multiple archived dependencies (#7782)\n * refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776)\n * fix(k8s)!: support k8s multi container (#7444)\n * fix(k8s): support kubernetes v1.31 (#7810)\n * docs: add Windows install instructions (#7800)\n * ci(helm): auto public Helm chart after PR merged (#7526)\n * feat: add end of life date for Ubuntu 24.10 (#7787)\n * feat(report): update gitlab template to populate operating_system value (#7735)\n * feat(misconf): Show misconfig ID in output (#7762)\n * feat(misconf): export unresolvable field of IaC types to Rego (#7765)\n * refactor(k8s): scan config files as a folder (#7690)\n * fix(license): fix license normalization for Universal Permissive License (#7766)\n * fix: enable usestdlibvars linter (#7770)\n * fix(misconf): properly expand dynamic blocks (#7612)\n * feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507)\n * fix(misconf): fix for Azure Storage Account network acls adaptation (#7602)\n * refactor(misconf): simplify k8s scanner (#7717)\n * feat(parser): ignore white space in pom.xml files (#7747)\n * test: use forked images (#7755)\n * fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541)\n * fix(misconf): check if property is not nil before conversion (#7578)\n * fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577)\n * feat(misconf): ssl_mode support for GCP SQL DB instance (#7564)\n * test: define constants for test images (#7739)\n * docs: add note about disabled DS016 check (#7724)\n * feat(misconf): public network support for Azure Storage Account (#7601)\n * feat(cli): rename `trivy auth` to `trivy registry` (#7727)\n * docs: apt-transport-https is a transitional package (#7678)\n * refactor(misconf): introduce generic scanner (#7515)\n * fix(cli): `clean --all` deletes only relevant dirs (#7704)\n * feat(cli): add `trivy auth` (#7664)\n * fix(sbom): add options for DBs in private registries (#7660)\n * docs(report): fix reporting doc format (#7671)\n * fix(repo): `git clone` output to Stderr (#7561)\n * fix(redhat): include arch in PURL qualifiers (#7654)\n * fix(report): Fix invalid URI in SARIF report (#7645)\n * docs(report): Improve SARIF reporting doc (#7655)\n * fix(db): fix javadb downloading error handling (#7642)\n * feat(cli): error out when ignore file cannot be found (#7624)\n\nUpdate to version 0.56.2:\n\n * fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702)\n * fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691)\n\n- Update to version 0.51.1 (bsc#1227010, CVE-2024-3817):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-33",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_20117-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1227010",
"url": "https://bugzilla.suse.com/1227010"
},
{
"category": "self",
"summary": "SUSE Bug 1232948",
"url": "https://bugzilla.suse.com/1232948"
},
{
"category": "self",
"summary": "SUSE Bug 1234512",
"url": "https://bugzilla.suse.com/1234512"
},
{
"category": "self",
"summary": "SUSE Bug 1235265",
"url": "https://bugzilla.suse.com/1235265"
},
{
"category": "self",
"summary": "SUSE Bug 1237618",
"url": "https://bugzilla.suse.com/1237618"
},
{
"category": "self",
"summary": "SUSE Bug 1239225",
"url": "https://bugzilla.suse.com/1239225"
},
{
"category": "self",
"summary": "SUSE Bug 1239385",
"url": "https://bugzilla.suse.com/1239385"
},
{
"category": "self",
"summary": "SUSE Bug 1240466",
"url": "https://bugzilla.suse.com/1240466"
},
{
"category": "self",
"summary": "SUSE Bug 1241724",
"url": "https://bugzilla.suse.com/1241724"
},
{
"category": "self",
"summary": "SUSE Bug 1243633",
"url": "https://bugzilla.suse.com/1243633"
},
{
"category": "self",
"summary": "SUSE Bug 1246151",
"url": "https://bugzilla.suse.com/1246151"
},
{
"category": "self",
"summary": "SUSE Bug 1246730",
"url": "https://bugzilla.suse.com/1246730"
},
{
"category": "self",
"summary": "SUSE Bug 1248897",
"url": "https://bugzilla.suse.com/1248897"
},
{
"category": "self",
"summary": "SUSE Bug 1248937",
"url": "https://bugzilla.suse.com/1248937"
},
{
"category": "self",
"summary": "SUSE Bug 1250625",
"url": "https://bugzilla.suse.com/1250625"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3817 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-51744 page",
"url": "https://www.suse.com/security/cve/CVE-2024-51744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11065 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21613 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21614 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-46569 page",
"url": "https://www.suse.com/security/cve/CVE-2025-46569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53547 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58058/"
}
],
"title": "Security update for trivy",
"tracking": {
"current_release_date": "2025-11-27T12:27:44Z",
"generator": {
"date": "2025-11-27T12:27:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:20117-1",
"initial_release_date": "2025-11-27T12:27:44Z",
"revision_history": [
{
"date": "2025-11-27T12:27:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.66.0-bp160.1.1.aarch64",
"product": {
"name": "trivy-0.66.0-bp160.1.1.aarch64",
"product_id": "trivy-0.66.0-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.66.0-bp160.1.1.ppc64le",
"product": {
"name": "trivy-0.66.0-bp160.1.1.ppc64le",
"product_id": "trivy-0.66.0-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.66.0-bp160.1.1.s390x",
"product": {
"name": "trivy-0.66.0-bp160.1.1.s390x",
"product_id": "trivy-0.66.0-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.66.0-bp160.1.1.x86_64",
"product": {
"name": "trivy-0.66.0-bp160.1.1.x86_64",
"product_id": "trivy-0.66.0-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.66.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64"
},
"product_reference": "trivy-0.66.0-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.66.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le"
},
"product_reference": "trivy-0.66.0-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.66.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x"
},
"product_reference": "trivy-0.66.0-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.66.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
},
"product_reference": "trivy-0.66.0-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3817"
}
],
"notes": [
{
"category": "general",
"text": "HashiCorp\u0027s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. \n\nThis vulnerability does not affect the go-getter/v2 branch and package.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3817",
"url": "https://www.suse.com/security/cve/CVE-2024-3817"
},
{
"category": "external",
"summary": "SUSE Bug 1226999 for CVE-2024-3817",
"url": "https://bugzilla.suse.com/1226999"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "critical"
}
],
"title": "CVE-2024-3817"
},
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2024-51744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-51744"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-51744",
"url": "https://www.suse.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "SUSE Bug 1232936 for CVE-2024-51744",
"url": "https://bugzilla.suse.com/1232936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-51744"
},
{
"cve": "CVE-2025-11065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11065"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11065",
"url": "https://www.suse.com/security/cve/CVE-2025-11065"
},
{
"category": "external",
"summary": "SUSE Bug 1250608 for CVE-2025-11065",
"url": "https://bugzilla.suse.com/1250608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-11065"
},
{
"cve": "CVE-2025-21613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21613"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21613",
"url": "https://www.suse.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "SUSE Bug 1235572 for CVE-2025-21613",
"url": "https://bugzilla.suse.com/1235572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "important"
}
],
"title": "CVE-2025-21613"
},
{
"cve": "CVE-2025-21614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21614"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21614",
"url": "https://www.suse.com/security/cve/CVE-2025-21614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "important"
}
],
"title": "CVE-2025-21614"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-46569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-46569"
}
],
"notes": [
{
"category": "general",
"text": "Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used for policy evaluation. A HTTP request path can be crafted in a way that injects Rego code into the constructed query. The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack. This issue has been patched in version 1.4.0. A workaround involves having network access to OPA\u0027s RESTful APIs being limited to `localhost` and/or trusted networks, unless necessary for production reasons.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-46569",
"url": "https://www.suse.com/security/cve/CVE-2025-46569"
},
{
"category": "external",
"summary": "SUSE Bug 1246710 for CVE-2025-46569",
"url": "https://bugzilla.suse.com/1246710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "important"
}
],
"title": "CVE-2025-46569"
},
{
"cve": "CVE-2025-47291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47291"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. A bug was found in the containerd\u0027s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47291",
"url": "https://www.suse.com/security/cve/CVE-2025-47291"
},
{
"category": "external",
"summary": "SUSE Bug 1243632 for CVE-2025-47291",
"url": "https://bugzilla.suse.com/1243632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-47291"
},
{
"cve": "CVE-2025-53547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53547"
}
],
"notes": [
{
"category": "general",
"text": "Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53547",
"url": "https://www.suse.com/security/cve/CVE-2025-53547"
},
{
"category": "external",
"summary": "SUSE Bug 1246150 for CVE-2025-53547",
"url": "https://bugzilla.suse.com/1246150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "important"
}
],
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58058"
}
],
"notes": [
{
"category": "general",
"text": "xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn\u0027t include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58058",
"url": "https://www.suse.com/security/cve/CVE-2025-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1248889 for CVE-2025-58058",
"url": "https://bugzilla.suse.com/1248889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:trivy-0.66.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-27T12:27:44Z",
"details": "moderate"
}
],
"title": "CVE-2025-58058"
}
]
}
OPENSUSE-SU-2026:10099-1
Vulnerability from csaf_opensuse - Published: 2026-01-26 00:00 - Updated: 2026-01-26 00:00Summary
zli-2.1.14-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: zli-2.1.14-1.1 on GA media
Description of the patch: These are all security issues fixed in the zli-2.1.14-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10099
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:zli-2.1.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-2.1.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-2.1.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-2.1.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "zli-2.1.14-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the zli-2.1.14-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10099",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10099-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
}
],
"title": "zli-2.1.14-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-26T00:00:00Z",
"generator": {
"date": "2026-01-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10099-1",
"initial_release_date": "2026-01-26T00:00:00Z",
"revision_history": [
{
"date": "2026-01-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "zli-2.1.14-1.1.aarch64",
"product": {
"name": "zli-2.1.14-1.1.aarch64",
"product_id": "zli-2.1.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zli-bash-completion-2.1.14-1.1.aarch64",
"product": {
"name": "zli-bash-completion-2.1.14-1.1.aarch64",
"product_id": "zli-bash-completion-2.1.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zli-fish-completion-2.1.14-1.1.aarch64",
"product": {
"name": "zli-fish-completion-2.1.14-1.1.aarch64",
"product_id": "zli-fish-completion-2.1.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zli-zsh-completion-2.1.14-1.1.aarch64",
"product": {
"name": "zli-zsh-completion-2.1.14-1.1.aarch64",
"product_id": "zli-zsh-completion-2.1.14-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "zli-2.1.14-1.1.ppc64le",
"product": {
"name": "zli-2.1.14-1.1.ppc64le",
"product_id": "zli-2.1.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zli-bash-completion-2.1.14-1.1.ppc64le",
"product": {
"name": "zli-bash-completion-2.1.14-1.1.ppc64le",
"product_id": "zli-bash-completion-2.1.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zli-fish-completion-2.1.14-1.1.ppc64le",
"product": {
"name": "zli-fish-completion-2.1.14-1.1.ppc64le",
"product_id": "zli-fish-completion-2.1.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zli-zsh-completion-2.1.14-1.1.ppc64le",
"product": {
"name": "zli-zsh-completion-2.1.14-1.1.ppc64le",
"product_id": "zli-zsh-completion-2.1.14-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "zli-2.1.14-1.1.s390x",
"product": {
"name": "zli-2.1.14-1.1.s390x",
"product_id": "zli-2.1.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zli-bash-completion-2.1.14-1.1.s390x",
"product": {
"name": "zli-bash-completion-2.1.14-1.1.s390x",
"product_id": "zli-bash-completion-2.1.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zli-fish-completion-2.1.14-1.1.s390x",
"product": {
"name": "zli-fish-completion-2.1.14-1.1.s390x",
"product_id": "zli-fish-completion-2.1.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zli-zsh-completion-2.1.14-1.1.s390x",
"product": {
"name": "zli-zsh-completion-2.1.14-1.1.s390x",
"product_id": "zli-zsh-completion-2.1.14-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "zli-2.1.14-1.1.x86_64",
"product": {
"name": "zli-2.1.14-1.1.x86_64",
"product_id": "zli-2.1.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zli-bash-completion-2.1.14-1.1.x86_64",
"product": {
"name": "zli-bash-completion-2.1.14-1.1.x86_64",
"product_id": "zli-bash-completion-2.1.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zli-fish-completion-2.1.14-1.1.x86_64",
"product": {
"name": "zli-fish-completion-2.1.14-1.1.x86_64",
"product_id": "zli-fish-completion-2.1.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zli-zsh-completion-2.1.14-1.1.x86_64",
"product": {
"name": "zli-zsh-completion-2.1.14-1.1.x86_64",
"product_id": "zli-zsh-completion-2.1.14-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-2.1.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-2.1.14-1.1.aarch64"
},
"product_reference": "zli-2.1.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-2.1.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-2.1.14-1.1.ppc64le"
},
"product_reference": "zli-2.1.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-2.1.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-2.1.14-1.1.s390x"
},
"product_reference": "zli-2.1.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-2.1.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-2.1.14-1.1.x86_64"
},
"product_reference": "zli-2.1.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-bash-completion-2.1.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.aarch64"
},
"product_reference": "zli-bash-completion-2.1.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-bash-completion-2.1.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.ppc64le"
},
"product_reference": "zli-bash-completion-2.1.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-bash-completion-2.1.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.s390x"
},
"product_reference": "zli-bash-completion-2.1.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-bash-completion-2.1.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.x86_64"
},
"product_reference": "zli-bash-completion-2.1.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-fish-completion-2.1.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.aarch64"
},
"product_reference": "zli-fish-completion-2.1.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-fish-completion-2.1.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.ppc64le"
},
"product_reference": "zli-fish-completion-2.1.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-fish-completion-2.1.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.s390x"
},
"product_reference": "zli-fish-completion-2.1.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-fish-completion-2.1.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.x86_64"
},
"product_reference": "zli-fish-completion-2.1.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-zsh-completion-2.1.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.aarch64"
},
"product_reference": "zli-zsh-completion-2.1.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-zsh-completion-2.1.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.ppc64le"
},
"product_reference": "zli-zsh-completion-2.1.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-zsh-completion-2.1.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.s390x"
},
"product_reference": "zli-zsh-completion-2.1.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zli-zsh-completion-2.1.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.x86_64"
},
"product_reference": "zli-zsh-completion-2.1.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:zli-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:zli-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:zli-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-bash-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-fish-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zli-zsh-completion-2.1.14-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
}
]
}
OPENSUSE-SU-2026:10100-1
Vulnerability from csaf_opensuse - Published: 2026-01-26 00:00 - Updated: 2026-01-26 00:00Summary
zot-registry-2.1.14-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: zot-registry-2.1.14-1.1 on GA media
Description of the patch: These are all security issues fixed in the zot-registry-2.1.14-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10100
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-2.1.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-2.1.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-2.1.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-2.1.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "zot-registry-2.1.14-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the zot-registry-2.1.14-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10100",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10100-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
}
],
"title": "zot-registry-2.1.14-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-26T00:00:00Z",
"generator": {
"date": "2026-01-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10100-1",
"initial_release_date": "2026-01-26T00:00:00Z",
"revision_history": [
{
"date": "2026-01-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "zot-registry-2.1.14-1.1.aarch64",
"product": {
"name": "zot-registry-2.1.14-1.1.aarch64",
"product_id": "zot-registry-2.1.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zot-registry-bash-completion-2.1.14-1.1.aarch64",
"product": {
"name": "zot-registry-bash-completion-2.1.14-1.1.aarch64",
"product_id": "zot-registry-bash-completion-2.1.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zot-registry-fish-completion-2.1.14-1.1.aarch64",
"product": {
"name": "zot-registry-fish-completion-2.1.14-1.1.aarch64",
"product_id": "zot-registry-fish-completion-2.1.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "zot-registry-zsh-completion-2.1.14-1.1.aarch64",
"product": {
"name": "zot-registry-zsh-completion-2.1.14-1.1.aarch64",
"product_id": "zot-registry-zsh-completion-2.1.14-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "zot-registry-2.1.14-1.1.ppc64le",
"product": {
"name": "zot-registry-2.1.14-1.1.ppc64le",
"product_id": "zot-registry-2.1.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zot-registry-bash-completion-2.1.14-1.1.ppc64le",
"product": {
"name": "zot-registry-bash-completion-2.1.14-1.1.ppc64le",
"product_id": "zot-registry-bash-completion-2.1.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zot-registry-fish-completion-2.1.14-1.1.ppc64le",
"product": {
"name": "zot-registry-fish-completion-2.1.14-1.1.ppc64le",
"product_id": "zot-registry-fish-completion-2.1.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "zot-registry-zsh-completion-2.1.14-1.1.ppc64le",
"product": {
"name": "zot-registry-zsh-completion-2.1.14-1.1.ppc64le",
"product_id": "zot-registry-zsh-completion-2.1.14-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "zot-registry-2.1.14-1.1.s390x",
"product": {
"name": "zot-registry-2.1.14-1.1.s390x",
"product_id": "zot-registry-2.1.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zot-registry-bash-completion-2.1.14-1.1.s390x",
"product": {
"name": "zot-registry-bash-completion-2.1.14-1.1.s390x",
"product_id": "zot-registry-bash-completion-2.1.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zot-registry-fish-completion-2.1.14-1.1.s390x",
"product": {
"name": "zot-registry-fish-completion-2.1.14-1.1.s390x",
"product_id": "zot-registry-fish-completion-2.1.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "zot-registry-zsh-completion-2.1.14-1.1.s390x",
"product": {
"name": "zot-registry-zsh-completion-2.1.14-1.1.s390x",
"product_id": "zot-registry-zsh-completion-2.1.14-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "zot-registry-2.1.14-1.1.x86_64",
"product": {
"name": "zot-registry-2.1.14-1.1.x86_64",
"product_id": "zot-registry-2.1.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zot-registry-bash-completion-2.1.14-1.1.x86_64",
"product": {
"name": "zot-registry-bash-completion-2.1.14-1.1.x86_64",
"product_id": "zot-registry-bash-completion-2.1.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zot-registry-fish-completion-2.1.14-1.1.x86_64",
"product": {
"name": "zot-registry-fish-completion-2.1.14-1.1.x86_64",
"product_id": "zot-registry-fish-completion-2.1.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "zot-registry-zsh-completion-2.1.14-1.1.x86_64",
"product": {
"name": "zot-registry-zsh-completion-2.1.14-1.1.x86_64",
"product_id": "zot-registry-zsh-completion-2.1.14-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-2.1.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-2.1.14-1.1.aarch64"
},
"product_reference": "zot-registry-2.1.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-2.1.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-2.1.14-1.1.ppc64le"
},
"product_reference": "zot-registry-2.1.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-2.1.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-2.1.14-1.1.s390x"
},
"product_reference": "zot-registry-2.1.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-2.1.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-2.1.14-1.1.x86_64"
},
"product_reference": "zot-registry-2.1.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-bash-completion-2.1.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.aarch64"
},
"product_reference": "zot-registry-bash-completion-2.1.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-bash-completion-2.1.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.ppc64le"
},
"product_reference": "zot-registry-bash-completion-2.1.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-bash-completion-2.1.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.s390x"
},
"product_reference": "zot-registry-bash-completion-2.1.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-bash-completion-2.1.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.x86_64"
},
"product_reference": "zot-registry-bash-completion-2.1.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-fish-completion-2.1.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.aarch64"
},
"product_reference": "zot-registry-fish-completion-2.1.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-fish-completion-2.1.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.ppc64le"
},
"product_reference": "zot-registry-fish-completion-2.1.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-fish-completion-2.1.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.s390x"
},
"product_reference": "zot-registry-fish-completion-2.1.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-fish-completion-2.1.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.x86_64"
},
"product_reference": "zot-registry-fish-completion-2.1.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-zsh-completion-2.1.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.aarch64"
},
"product_reference": "zot-registry-zsh-completion-2.1.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-zsh-completion-2.1.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.ppc64le"
},
"product_reference": "zot-registry-zsh-completion-2.1.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-zsh-completion-2.1.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.s390x"
},
"product_reference": "zot-registry-zsh-completion-2.1.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zot-registry-zsh-completion-2.1.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.x86_64"
},
"product_reference": "zot-registry-zsh-completion-2.1.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-bash-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-fish-completion-2.1.14-1.1.x86_64",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.aarch64",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.ppc64le",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.s390x",
"openSUSE Tumbleweed:zot-registry-zsh-completion-2.1.14-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
}
]
}
OPENSUSE-SU-2026:10230-1
Vulnerability from csaf_opensuse - Published: 2026-02-19 00:00 - Updated: 2026-02-19 00:00Summary
vexctl-0.4.1+git78.f951e3a-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: vexctl-0.4.1+git78.f951e3a-1.1 on GA media
Description of the patch: These are all security issues fixed in the vexctl-0.4.1+git78.f951e3a-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10230
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "vexctl-0.4.1+git78.f951e3a-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the vexctl-0.4.1+git78.f951e3a-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10230",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10230-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22772 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24137 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24137/"
}
],
"title": "vexctl-0.4.1+git78.f951e3a-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-19T00:00:00Z",
"generator": {
"date": "2026-02-19T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10230-1",
"initial_release_date": "2026-02-19T00:00:00Z",
"revision_history": [
{
"date": "2026-02-19T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2026-22772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22772"
}
],
"notes": [
{
"category": "general",
"text": "Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio\u0027s metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22772",
"url": "https://www.suse.com/security/cve/CVE-2026-22772"
},
{
"category": "external",
"summary": "SUSE Bug 1256532 for CVE-2026-22772",
"url": "https://bugzilla.suse.com/1256532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-22772"
},
{
"cve": "CVE-2026-24137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24137"
}
],
"notes": [
{
"category": "general",
"text": "sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from signed target metadata; however, it does not validate that the resulting path stays within the cache base directory. A malicious TUF repository can trigger arbitrary file overwriting, limited to the permissions that the calling process has. Note that this should only affect clients that are directly using the TUF client in sigstore/sigstore or are using an older version of Cosign. Public Sigstore deployment users are unaffected, as TUF metadata is validated by a quorum of trusted collaborators. This issue has been fixed in version 1.10.4. As a workaround, users can disable disk caching for the legacy client by setting SIGSTORE_NO_CACHE=true in the environment, migrate to https://github.com/sigstore/sigstore-go/tree/main/pkg/tuf, or upgrade to the latest sigstore/sigstore release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24137",
"url": "https://www.suse.com/security/cve/CVE-2026-24137"
},
{
"category": "external",
"summary": "SUSE Bug 1257137 for CVE-2026-24137",
"url": "https://bugzilla.suse.com/1257137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-24137"
}
]
}
OPENSUSE-SU-2026:10255-1
Vulnerability from csaf_opensuse - Published: 2026-02-25 00:00 - Updated: 2026-02-25 00:00Summary
docker-stable-24.0.9_ce-17.1 on GA media
Severity
Moderate
Notes
Title of the patch: docker-stable-24.0.9_ce-17.1 on GA media
Description of the patch: These are all security issues fixed in the docker-stable-24.0.9_ce-17.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10255
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-stable-24.0.9_ce-17.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-stable-24.0.9_ce-17.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10255",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10255-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
}
],
"title": "docker-stable-24.0.9_ce-17.1 on GA media",
"tracking": {
"current_release_date": "2026-02-25T00:00:00Z",
"generator": {
"date": "2026-02-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10255-1",
"initial_release_date": "2026-02-25T00:00:00Z",
"revision_history": [
{
"date": "2026-02-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-17.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.25.0-17.1.aarch64",
"product_id": "docker-stable-buildx-0.25.0-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-17.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.25.0-17.1.ppc64le",
"product_id": "docker-stable-buildx-0.25.0-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-24.0.9_ce-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-17.1.s390x",
"product": {
"name": "docker-stable-buildx-0.25.0-17.1.s390x",
"product_id": "docker-stable-buildx-0.25.0-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-17.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.25.0-17.1.x86_64",
"product_id": "docker-stable-buildx-0.25.0-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
}
]
}
OPENSUSE-SU-2026:10302-1
Vulnerability from csaf_opensuse - Published: 2026-03-07 00:00 - Updated: 2026-03-07 00:00Summary
kubeshark-cli-53.1.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: kubeshark-cli-53.1.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the kubeshark-cli-53.1.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10302
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kubeshark-cli-53.1.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kubeshark-cli-53.1.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10302",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10302-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
}
],
"title": "kubeshark-cli-53.1.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-03-07T00:00:00Z",
"generator": {
"date": "2026-03-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10302-1",
"initial_release_date": "2026-03-07T00:00:00Z",
"revision_history": [
{
"date": "2026-03-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubeshark-cli-53.1.0-1.1.aarch64",
"product": {
"name": "kubeshark-cli-53.1.0-1.1.aarch64",
"product_id": "kubeshark-cli-53.1.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.aarch64",
"product": {
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.aarch64",
"product_id": "kubeshark-cli-bash-completion-53.1.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.aarch64",
"product": {
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.aarch64",
"product_id": "kubeshark-cli-fish-completion-53.1.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64",
"product": {
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64",
"product_id": "kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubeshark-cli-53.1.0-1.1.ppc64le",
"product": {
"name": "kubeshark-cli-53.1.0-1.1.ppc64le",
"product_id": "kubeshark-cli-53.1.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le",
"product": {
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le",
"product_id": "kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le",
"product": {
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le",
"product_id": "kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le",
"product": {
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le",
"product_id": "kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kubeshark-cli-53.1.0-1.1.s390x",
"product": {
"name": "kubeshark-cli-53.1.0-1.1.s390x",
"product_id": "kubeshark-cli-53.1.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.s390x",
"product": {
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.s390x",
"product_id": "kubeshark-cli-bash-completion-53.1.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.s390x",
"product": {
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.s390x",
"product_id": "kubeshark-cli-fish-completion-53.1.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.s390x",
"product": {
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.s390x",
"product_id": "kubeshark-cli-zsh-completion-53.1.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kubeshark-cli-53.1.0-1.1.x86_64",
"product": {
"name": "kubeshark-cli-53.1.0-1.1.x86_64",
"product_id": "kubeshark-cli-53.1.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.x86_64",
"product": {
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.x86_64",
"product_id": "kubeshark-cli-bash-completion-53.1.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.x86_64",
"product": {
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.x86_64",
"product_id": "kubeshark-cli-fish-completion-53.1.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64",
"product": {
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64",
"product_id": "kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-53.1.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.aarch64"
},
"product_reference": "kubeshark-cli-53.1.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-53.1.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.ppc64le"
},
"product_reference": "kubeshark-cli-53.1.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-53.1.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.s390x"
},
"product_reference": "kubeshark-cli-53.1.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-53.1.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.x86_64"
},
"product_reference": "kubeshark-cli-53.1.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.aarch64"
},
"product_reference": "kubeshark-cli-bash-completion-53.1.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le"
},
"product_reference": "kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.s390x"
},
"product_reference": "kubeshark-cli-bash-completion-53.1.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-bash-completion-53.1.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.x86_64"
},
"product_reference": "kubeshark-cli-bash-completion-53.1.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.aarch64"
},
"product_reference": "kubeshark-cli-fish-completion-53.1.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le"
},
"product_reference": "kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.s390x"
},
"product_reference": "kubeshark-cli-fish-completion-53.1.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-fish-completion-53.1.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.x86_64"
},
"product_reference": "kubeshark-cli-fish-completion-53.1.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64"
},
"product_reference": "kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le"
},
"product_reference": "kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.s390x"
},
"product_reference": "kubeshark-cli-zsh-completion-53.1.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64"
},
"product_reference": "kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-bash-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-fish-completion-53.1.0-1.1.x86_64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.aarch64",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.s390x",
"openSUSE Tumbleweed:kubeshark-cli-zsh-completion-53.1.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-07T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
}
]
}
OPENSUSE-SU-2026:20366-1
Vulnerability from csaf_opensuse - Published: 2026-03-16 15:57 - Updated: 2026-03-16 15:57Summary
Security update for docker-stable
Severity
Important
Notes
Title of the patch: Security update for docker-stable
Description of the patch: This update for docker-stable fixes the following issues:
- CVE-2025-58181: Fixed unbounded memory consumption. (bsc#1253904)
- CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocation during header parsing. (bsc#1240513)
Patchnames: openSUSE-Leap-16.0-389
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-stable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-stable fixes the following issues:\n\n- CVE-2025-58181: Fixed unbounded memory consumption. (bsc#1253904)\n- CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocation during header parsing. (bsc#1240513)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-389",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20366-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1240513",
"url": "https://bugzilla.suse.com/1240513"
},
{
"category": "self",
"summary": "SUSE Bug 1253904",
"url": "https://bugzilla.suse.com/1253904"
},
{
"category": "self",
"summary": "SUSE Bug 1254206",
"url": "https://bugzilla.suse.com/1254206"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
}
],
"title": "Security update for docker-stable",
"tracking": {
"current_release_date": "2026-03-16T15:57:03Z",
"generator": {
"date": "2026-03-16T15:57:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20366-1",
"initial_release_date": "2026-03-16T15:57:03Z",
"revision_history": [
{
"date": "2026-03-16T15:57:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.s390x",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.s390x",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.s390x",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:57:03Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:57:03Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
}
]
}
RHSA-2025:11396
Vulnerability from csaf_redhat - Published: 2025-07-18 15:51 - Updated: 2026-06-19 19:50Summary
Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.4.5 security and bug fix update
Severity
Important
Notes
Topic: OpenShift API for Data Protection (OADP) 1.4.5 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Security Fix(es) from Bugzilla:
* golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)
* golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)
* go-git: argument injection via the URL field (CVE-2025-21613)
* golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws (CVE-2025-22868)
* golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)
* golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)
* go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144)
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
8.2 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
7.5 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 | — | ||
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x | — |
Threats
Impact
Important
An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
7.5 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.
7.5 (High)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x | — |
Workaround
|
Threats
Impact
Important
References
71 references
Acknowledgments
jub0bs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "OpenShift API for Data Protection (OADP) 1.4.5 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)\n\n* golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)\n\n* go-git: argument injection via the URL field (CVE-2025-21613)\n\n* golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws (CVE-2025-22868)\n\n* golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)\n\n* golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)\n\n* go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service (CVE-2025-27144)\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11396",
"url": "https://access.redhat.com/errata/RHSA-2025:11396"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "2335888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335888"
},
{
"category": "external",
"summary": "2347423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347423"
},
{
"category": "external",
"summary": "2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "OADP-5904",
"url": "https://issues.redhat.com/browse/OADP-5904"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11396.json"
}
],
"title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.4.5 security and bug fix update",
"tracking": {
"current_release_date": "2026-06-19T19:50:40+00:00",
"generator": {
"date": "2026-06-19T19:50:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2025:11396",
"initial_release_date": "2025-07-18T15:51:18+00:00",
"revision_history": [
{
"date": "2025-07-18T15:51:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-18T15:51:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-19T19:50:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "9Base-OADP-1.4",
"product": {
"name": "9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift API for Data Protection"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.4.5-21"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"product": {
"name": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"product_id": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.4.5-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"product_id": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.4.5-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"product": {
"name": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"product_id": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.4.5-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"product": {
"name": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"product_id": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.4.5-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"product_id": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.4.5-19"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"product_id": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9\u0026tag=1.4.5-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.4.5-20"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.4.5-21"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"product": {
"name": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"product_id": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.4.5-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"product_id": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.4.5-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"product": {
"name": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"product_id": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.4.5-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64",
"product": {
"name": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64",
"product_id": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.4.5-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"product_id": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.4.5-19"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"product_id": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9\u0026tag=1.4.5-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.4.5-20"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.4.5-21"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"product": {
"name": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"product_id": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.4.5-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"product_id": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.4.5-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"product": {
"name": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"product_id": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.4.5-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"product": {
"name": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"product_id": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.4.5-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"product_id": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.4.5-19"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"product_id": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9\u0026tag=1.4.5-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.4.5-20"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.4.5-21"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"product": {
"name": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"product_id": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.4.5-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"product_id": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.4.5-34"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"product": {
"name": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"product_id": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.4.5-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"product": {
"name": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"product_id": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.4.5-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"product_id": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.4.5-19"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9\u0026tag=1.4.5-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.4.5-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.4.5-20"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x"
},
"product_reference": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64"
},
"product_reference": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64"
},
"product_reference": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
},
"product_reference": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le"
},
"product_reference": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x"
},
"product_reference": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64"
},
"product_reference": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64"
},
"product_reference": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64"
},
"product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le"
},
"product_reference": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64"
},
"product_reference": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x"
},
"product_reference": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"relates_to_product_reference": "9Base-OADP-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 as a component of 9Base-OADP-1.4",
"product_id": "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
},
"product_reference": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64",
"relates_to_product_reference": "9Base-OADP-1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"known_not_affected": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-18T15:51:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11396"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"known_not_affected": [
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-18T15:51:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11396"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-21613",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2025-01-06T17:00:41.244449+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2335888"
}
],
"notes": [
{
"category": "description",
"text": "An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-git: argument injection via the URL field",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an argument injection has been discovered in go-git, where an attackers can manipulate git-upload-pack flags, potentially enabling command or code execution leads to an exposure of sensitive data or other unintended actions, this vulnerability occurs exclusively in configurations using the file transport protocol.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
],
"known_not_affected": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "RHBZ#2335888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-21613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21613"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m",
"url": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3368",
"url": "https://pkg.go.dev/vuln/GO-2025-3368"
}
],
"release_date": "2025-01-06T16:13:10.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-18T15:51:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11396"
},
{
"category": "workaround",
"details": "In cases where it is not possible to update to the latest version of go-git, it is recommended to enforce validation rules for values passed in the URL field.",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-git: argument injection via the URL field"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"known_not_affected": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-18T15:51:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11396"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"known_not_affected": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-18T15:51:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11396"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"known_not_affected": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-18T15:51:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11396"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
},
{
"cve": "CVE-2025-27144",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-24T23:00:42.448432+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2347423"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
],
"known_not_affected": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "RHBZ#2347423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22",
"url": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5",
"url": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78"
}
],
"release_date": "2025-02-24T22:22:22.863000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-18T15:51:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11396"
},
{
"category": "workaround",
"details": "As a workaround, applications can pre-validate that payloads being passed to Go JOSE do not contain an excessive number of `.` characters.",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"known_not_affected": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-18T15:51:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11396"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
"9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
"9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
"9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
"9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…