Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-60542 (GCVE-0-2025-60542)
Vulnerability from cvelistv5 – Published: 2025-10-29 00:00 – Updated: 2025-10-30 20:28
VLAI
EPSS
Summary
SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.
Severity
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-60542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T20:28:03.239406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T20:28:41.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T15:13:46.568Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true"
},
{
"url": "https://github.com/typeorm/typeorm/pull/11574"
},
{
"url": "https://github.com/typeorm/typeorm/releases/tag/0.3.26"
},
{
"url": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-60542",
"datePublished": "2025-10-29T00:00:00.000Z",
"dateReserved": "2025-09-26T00:00:00.000Z",
"dateUpdated": "2025-10-30T20:28:41.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-60542",
"date": "2026-05-29",
"epss": "0.00044",
"percentile": "0.13915"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-60542\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-10-29T16:15:34.057\",\"lastModified\":\"2025-10-30T21:15:34.430\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://github.com/typeorm/typeorm/pull/11574\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/typeorm/typeorm/releases/tag/0.3.26\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453\",\"source\":\"cve@mitre.org\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-60542\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-30T20:28:03.239406Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-30T20:28:36.071Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true\"}, {\"url\": \"https://github.com/typeorm/typeorm/pull/11574\"}, {\"url\": \"https://github.com/typeorm/typeorm/releases/tag/0.3.26\"}, {\"url\": \"https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-10-29T15:13:46.568Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-60542\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-30T20:28:41.544Z\", \"dateReserved\": \"2025-09-26T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-10-29T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-60542
Vulnerability from fkie_nvd - Published: 2025-10-29 16:15 - Updated: 2026-04-15 00:35
Severity
Summary
SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false."
}
],
"id": "CVE-2025-60542",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-10-29T16:15:34.057",
"references": [
{
"source": "cve@mitre.org",
"url": "https://github.com/typeorm/typeorm/pull/11574"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/typeorm/typeorm/releases/tag/0.3.26"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-Q2PJ-6V73-8RGJ
Vulnerability from github – Published: 2025-10-29 18:30 – Updated: 2025-10-31 17:38
VLAI
Summary
TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update
Details
Summary
SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.
Details
Vulnerable Code:
const { username, city, name} = req.body;
const updateData = {
username,
city,
name,
id:userId
}; // Developer aims to only allow above three fields to be updated
const result = await userRepo.save(updateData);
Intended Payload (non-malicious):
username=myusername&city=Riga&name=Javad
OR
{username:\"myusername\",phone:12345,name:\"Javad\"}
SQL query produced:
UPDATE `user`
SET `username` = 'myusername',
`city` = 'Riga',
`name` = 'Javad'
WHERE `id` IN (1);
Malicious Payload:
username=myusername&city[name]=Riga&city[role]=admin
OR
{username:\"myusername\",city:{name:\"Javad\",role:\"admin\"}}
SQL query produced with Injected Column:
UPDATE `user`
SET `username` = 'myusername',
`city` = `name` = 'Javad',
`role` = 'admin'
WHERE `id` IN (1);
Above query is valid as city = name = Javad is a boolean expression resulting in city = 1 (false). “role” column is injected and updated.
Underlying issue was due to TypeORM using mysql2 without specifying a value for the stringifyObjects option. In both mysql and mysql2 this option defaults to false. This option is then passed into SQLString library as false. This results in sqlstring parsing objects in a strange way using objectToValues.
Severity
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "typeorm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.26"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-60542"
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-31T17:38:00Z",
"nvd_published_at": "2025-10-29T16:15:34Z",
"severity": "HIGH"
},
"details": "### Summary\n\nSQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false.\n\n### Details\n\nVulnerable Code:\n\n```js\nconst { username, city, name} = req.body;\nconst updateData = {\n username,\n city,\n name,\n id:userId\n }; // Developer aims to only allow above three fields to be updated \nconst result = await userRepo.save(updateData);\n```\n\nIntended Payload (non-malicious):\n\n\n`\nusername=myusername\u0026city=Riga\u0026name=Javad\n`\n\n_OR_\n\n`{username:\\\"myusername\\\",phone:12345,name:\\\"Javad\\\"}\n`\n\nSQL query produced:\n\n```sql\nUPDATE `user` \nSET `username` = \u0027myusername\u0027, \n `city` = \u0027Riga\u0027, \n `name` = \u0027Javad\u0027 \nWHERE `id` IN (1);\n\n```\n\nMalicious Payload:\n\n`username=myusername\u0026city[name]=Riga\u0026city[role]=admin\n`\n\n_OR_\n\n`{username:\\\"myusername\\\",city:{name:\\\"Javad\\\",role:\\\"admin\\\"}}\n`\n\nSQL query produced with Injected Column:\n\n```sql\nUPDATE `user` \nSET `username` = \u0027myusername\u0027, \n `city` = `name` = \u0027Javad\u0027, \n `role` = \u0027admin\u0027 \nWHERE `id` IN (1);\n\n```\n_Above query is valid as `city` = `name` = `Javad` is a boolean expression resulting in `city` = 1 (false). \u201crole\u201d column is injected and updated._\n\nUnderlying issue was due to TypeORM using mysql2 [without specifying a value for the stringifyObjects option](https://github.com/typeorm/typeorm/blob/0.3.25/src/driver/mysql/MysqlConnectionOptions.ts). In both mysql and mysql2 this [option defaults to false](https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/connection_config.js#L124). This option is then passed into [SQLString library as false](https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/base/connection.js#L524). This results in sqlstring [parsing objects in a strange way using objectToValues.](https://github.com/mysqljs/sqlstring/blob/cd528556b4b6bcf300c3db515026935dedf7cfa1/lib/SqlString.js#L54)",
"id": "GHSA-q2pj-6v73-8rgj",
"modified": "2025-10-31T17:38:00Z",
"published": "2025-10-29T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60542"
},
{
"type": "WEB",
"url": "https://github.com/typeorm/typeorm/pull/11574"
},
{
"type": "WEB",
"url": "https://github.com/typeorm/typeorm/commit/d57fe3bd8578b0b8f9847647fd046bccf825a7ef"
},
{
"type": "WEB",
"url": "https://github.com/mysqljs/sqlstring/blob/cd528556b4b6bcf300c3db515026935dedf7cfa1/lib/SqlString.js#L54"
},
{
"type": "WEB",
"url": "https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/base/connection.js#L524"
},
{
"type": "WEB",
"url": "https://github.com/sidorares/node-mysql2/blob/e359f454a76ba5dc31b91adf7bdb4099ca317bb5/lib/connection_config.js#L124"
},
{
"type": "WEB",
"url": "https://github.com/typeorm/typeorm/blob/0.3.25/src/driver/mysql/MysqlConnectionOptions.ts"
},
{
"type": "WEB",
"url": "https://github.com/typeorm/typeorm/releases/tag/0.3.26"
},
{
"type": "WEB",
"url": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true"
},
{
"type": "WEB",
"url": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453"
},
{
"type": "PACKAGE",
"url": "http://github.com/typeorm/typeorm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:H/SA:L/E:P",
"type": "CVSS_V4"
}
],
"summary": "TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update"
}
RHSA-2025:22404
Vulnerability from csaf_redhat - Published: 2025-12-01 09:19 - Updated: 2025-12-08 15:20Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.7.3 release.
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.7.3 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in TypeORM. When used with MySQL/mysql2 drivers, the repository.save or repository.update methods incorrectly handle nested JSON objects. This is due to an underlying setting (stringifyObjects: false) that allows an attacker to craft a malicious JSON payload and cause a SQL injection flaw, leading to a bypass of field-level restrictions, modification of columns in the database and potentially to privilege escalation.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64 | — |
Workaround
|
Threats
Impact
Important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.7.3 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22404",
"url": "https://access.redhat.com/errata/RHSA-2025:22404"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-60542",
"url": "https://access.redhat.com/security/cve/CVE-2025-60542"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHPLAN-367",
"url": "https://issues.redhat.com/browse/RHDHPLAN-367"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-9741",
"url": "https://issues.redhat.com/browse/RHIDP-9741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22404.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.7.3 release.",
"tracking": {
"current_release_date": "2025-12-08T15:20:07+00:00",
"generator": {
"date": "2025-12-08T15:20:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:22404",
"initial_release_date": "2025-12-01T09:19:00+00:00",
"revision_history": [
{
"date": "2025-12-01T09:19:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-01T09:19:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-08T15:20:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.7",
"product": {
"name": "Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Abedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.3-1764237628"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Af45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.3-1764235280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.3-1764255796"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-60542",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2025-10-29T16:01:34.709224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407114"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in TypeORM. When used with MySQL/mysql2 drivers, the repository.save or repository.update methods incorrectly handle nested JSON objects. This is due to an underlying setting (stringifyObjects: false) that allows an attacker to craft a malicious JSON payload and cause a SQL injection flaw, leading to a bypass of field-level restrictions, modification of columns in the database and potentially to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "TypeORM: SQL Injection via crafted request to repository.save or repository.update",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker able to send a specially crafted JSON payload to an application using the repository.save or repository.update methods can exploit this vulnerability. Additionally, the stringifyObjects option used by TypeORM is set to false by default, increasing the exposure of this issue. Due to these reasons, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-60542"
},
{
"category": "external",
"summary": "RHBZ#2407114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-60542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60542"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-60542",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60542"
},
{
"category": "external",
"summary": "https://github.com/typeorm/typeorm/pull/11574",
"url": "https://github.com/typeorm/typeorm/pull/11574"
},
{
"category": "external",
"summary": "https://github.com/typeorm/typeorm/releases/tag/0.3.26",
"url": "https://github.com/typeorm/typeorm/releases/tag/0.3.26"
},
{
"category": "external",
"summary": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true",
"url": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true"
},
{
"category": "external",
"summary": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453",
"url": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453"
}
],
"release_date": "2025-10-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T09:19:00+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22404"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bedacfa68d74fce1e9efe3a3fdb18963f4e648d7ab6ccf34b868d62d9f25304a_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:54c5cd2a4865a372ba9465908f73928382745e04ad446c97b28adde213d13309_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f45ee5600c84c3d014c8bfb9a06e3b600acaa74ce8ff4bf12e5124d25cbe5bfe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "TypeORM: SQL Injection via crafted request to repository.save or repository.update"
}
]
}
RHSA-2025:22861
Vulnerability from csaf_redhat - Published: 2025-12-08 15:17 - Updated: 2026-05-28 02:58Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.8.1 release.
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.8.1 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in TypeORM. When used with MySQL/mysql2 drivers, the repository.save or repository.update methods incorrectly handle nested JSON objects. This is due to an underlying setting (stringifyObjects: false) that allows an attacker to craft a malicious JSON payload and cause a SQL injection flaw, leading to a bypass of field-level restrictions, modification of columns in the database and potentially to privilege escalation.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64 | — |
Workaround
|
Threats
Impact
Important
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.8.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22861",
"url": "https://access.redhat.com/errata/RHSA-2025:22861"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-60542",
"url": "https://access.redhat.com/security/cve/CVE-2025-60542"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11025",
"url": "https://issues.redhat.com/browse/RHIDP-11025"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-9743",
"url": "https://issues.redhat.com/browse/RHIDP-9743"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22861.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.8.1 release.",
"tracking": {
"current_release_date": "2026-05-28T02:58:53+00:00",
"generator": {
"date": "2026-05-28T02:58:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:22861",
"initial_release_date": "2025-12-08T15:17:40+00:00",
"revision_history": [
{
"date": "2025-12-08T15:17:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-08T15:17:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:58:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.8",
"product": {
"name": "Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.8.1-1764857949"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.8.1-1764708361"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.8.1-1764862616"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-60542",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2025-10-29T16:01:34.709224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407114"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in TypeORM. When used with MySQL/mysql2 drivers, the repository.save or repository.update methods incorrectly handle nested JSON objects. This is due to an underlying setting (stringifyObjects: false) that allows an attacker to craft a malicious JSON payload and cause a SQL injection flaw, leading to a bypass of field-level restrictions, modification of columns in the database and potentially to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "TypeORM: SQL Injection via crafted request to repository.save or repository.update",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker able to send a specially crafted JSON payload to an application using the repository.save or repository.update methods can exploit this vulnerability. Additionally, the stringifyObjects option used by TypeORM is set to false by default, increasing the exposure of this issue. Due to these reasons, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-60542"
},
{
"category": "external",
"summary": "RHBZ#2407114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-60542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60542"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-60542",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60542"
},
{
"category": "external",
"summary": "https://github.com/typeorm/typeorm/pull/11574",
"url": "https://github.com/typeorm/typeorm/pull/11574"
},
{
"category": "external",
"summary": "https://github.com/typeorm/typeorm/releases/tag/0.3.26",
"url": "https://github.com/typeorm/typeorm/releases/tag/0.3.26"
},
{
"category": "external",
"summary": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true",
"url": "https://github.com/typeorm/typeorm/releases?q=security\u0026expanded=true"
},
{
"category": "external",
"summary": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453",
"url": "https://medium.com/@alizada.cavad/cve-2025-60542-typeorm-mysql-sqli-0-3-25-a1b32bc60453"
}
],
"release_date": "2025-10-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-08T15:17:40+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22861"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "TypeORM: SQL Injection via crafted request to repository.save or repository.update"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-08T15:17:40+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22861"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:27d08ffa1bc6a2270b5eab59aedaf866cf68ccb902503c2e58e2e2337a1236b9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:8b5ec4b6085ecb32ea52c33d97adecc313341681b41d891f5346e9b9f8b8a249_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:43839417363ec2910a4746050005f9fbe5efe5776d44a0bd36a8f4b8ecf71ffa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
}
]
}
WID-SEC-W-2025-2702
Vulnerability from csaf_certbund - Published: 2025-11-30 23:00 - Updated: 2025-12-08 23:00Summary
Red Hat Enterprise Linux (Developer Hub): Schwachstelle ermöglicht Manipulation von Dateien
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux Developer Hub ausnutzen, um eine SQL-Injection durchzuführen und möglicherweise Sicherheitsmaßnahmen zu umgehen, Daten zu ändern oder Berechtigungen zu erweitern.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Developer Hub <1.7.3
Red Hat / Enterprise Linux
|
Developer Hub <1.7.3 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux Developer Hub ausnutzen, um eine SQL-Injection durchzuf\u00fchren und m\u00f6glicherweise Sicherheitsma\u00dfnahmen zu umgehen, Daten zu \u00e4ndern oder Berechtigungen zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2702 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2702.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2702 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2702"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2025-11-30",
"url": "https://access.redhat.com/errata/RHSA-2025:22404"
},
{
"category": "external",
"summary": "RedHat Customer Portal vom 2025-11-30",
"url": "https://access.redhat.com/security/cve/cve-2025-60542"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22861 vom 2025-12-08",
"url": "https://access.redhat.com/errata/RHSA-2025:22861"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Developer Hub): Schwachstelle erm\u00f6glicht Manipulation von Dateien",
"tracking": {
"current_release_date": "2025-12-08T23:00:00.000+00:00",
"generator": {
"date": "2025-12-09T08:26:20.576+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2702",
"initial_release_date": "2025-11-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-08T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Developer Hub \u003c1.7.3",
"product": {
"name": "Red Hat Enterprise Linux Developer Hub \u003c1.7.3",
"product_id": "T048968"
}
},
{
"category": "product_version",
"name": "Developer Hub 1.7.3",
"product": {
"name": "Red Hat Enterprise Linux Developer Hub 1.7.3",
"product_id": "T048968-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:developer_hub__1.7.3"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-60542",
"product_status": {
"known_affected": [
"T048968",
"67646"
]
},
"release_date": "2025-11-30T23:00:00.000+00:00",
"title": "CVE-2025-60542"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…