Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61729 (GCVE-0-2025-61729)
Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37- CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
0 , < 1.24.11
(semver)
Affected: 1.25.0 , < 1.25.5 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:52:36.341575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:52:58.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.VerifyHostname"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.5",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philippe Antoine (Catena cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:37:14.903Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/725920"
},
{
"url": "https://go.dev/issue/76445"
},
{
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-61729",
"datePublished": "2025-12-02T18:54:10.166Z",
"dateReserved": "2025-09-30T15:05:03.605Z",
"dateUpdated": "2025-12-03T19:37:14.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-61729",
"date": "2026-07-02",
"epss": "0.00459",
"percentile": "0.36574"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61729\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-12-02T19:15:51.447\",\"lastModified\":\"2026-06-17T09:50:48.507\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"Certificate.VerifyHostname\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.24.11\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.25.0\",\"lessThan\":\"1.25.5\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-12-02T21:52:36.341575Z\",\"id\":\"CVE-2025-61729\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.11\",\"matchCriteriaId\":\"F2E6FD2A-A487-4099-B91D-2429F286AC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.5\",\"matchCriteriaId\":\"39C03A37-B94B-46E4-B1C2-A70A870F8E53\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/725920\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/76445\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4155\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61729\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T21:52:36.341575Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T21:52:53.822Z\"}}], \"cna\": {\"title\": \"Excessive resource consumption when printing error string for host certificate validation in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Philippe Antoine (Catena cyber)\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0\", \"lessThan\": \"1.25.5\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Certificate.VerifyHostname\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/725920\"}, {\"url\": \"https://go.dev/issue/76445\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-4155\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61729\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\", \"dateReserved\": \"2025-09-30T15:05:03.605Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-12-02T18:54:10.166Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:5645
Vulnerability from csaf_redhat - Published: 2026-03-24 15:38 - Updated: 2026-07-03 11:04A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cert-manager Operator for Red Hat OpenShift 1.17.1",
"title": "Topic"
},
{
"category": "general",
"text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities\nand certificates as first-class resource types in the Kubernetes API. This makes it possible to provide\ncertificates-as-a-service to developers working within your Kubernetes cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5645",
"url": "https://access.redhat.com/errata/RHSA-2026:5645"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html",
"url": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5645.json"
}
],
"title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.17.1",
"tracking": {
"current_release_date": "2026-07-03T11:04:51+00:00",
"generator": {
"date": "2026-07-03T11:04:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5645",
"initial_release_date": "2026-03-24T15:38:55+00:00",
"revision_history": [
{
"date": "2026-03-24T15:38:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-24T15:39:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:04:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cert Manager support for Red Hat OpenShift release 1.17",
"product": {
"name": "Cert Manager support for Red Hat OpenShift release 1.17",
"product_id": "Cert Manager support for Red Hat OpenShift release 1.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cert_manager:1.17::el9"
}
}
}
],
"category": "product_family",
"name": "Cert Manager support for Red Hat OpenShift release"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=1774341716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3Aabcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=1774342146"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Aa1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=1774341716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=1774342146"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Ac73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=1774341716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=1774342146"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=1774341716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=1774342146"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64 as a component of Cert Manager support for Red Hat OpenShift release 1.17",
"product_id": "Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"relates_to_product_reference": "Cert Manager support for Red Hat OpenShift release 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le as a component of Cert Manager support for Red Hat OpenShift release 1.17",
"product_id": "Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"relates_to_product_reference": "Cert Manager support for Red Hat OpenShift release 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x as a component of Cert Manager support for Red Hat OpenShift release 1.17",
"product_id": "Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"relates_to_product_reference": "Cert Manager support for Red Hat OpenShift release 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64 as a component of Cert Manager support for Red Hat OpenShift release 1.17",
"product_id": "Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"relates_to_product_reference": "Cert Manager support for Red Hat OpenShift release 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64 as a component of Cert Manager support for Red Hat OpenShift release 1.17",
"product_id": "Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"relates_to_product_reference": "Cert Manager support for Red Hat OpenShift release 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64 as a component of Cert Manager support for Red Hat OpenShift release 1.17",
"product_id": "Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"relates_to_product_reference": "Cert Manager support for Red Hat OpenShift release 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x as a component of Cert Manager support for Red Hat OpenShift release 1.17",
"product_id": "Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"relates_to_product_reference": "Cert Manager support for Red Hat OpenShift release 1.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le as a component of Cert Manager support for Red Hat OpenShift release 1.17",
"product_id": "Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le",
"relates_to_product_reference": "Cert Manager support for Red Hat OpenShift release 1.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T15:38:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T15:38:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5645"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T15:38:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5645"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T15:38:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5645"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T15:38:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T15:38:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:3a01605ba6dd883043f622596c54bfdfc938cdab48f4c32638e6cad807c57e9a_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:42f78dae41109753d076a75c14a9bc16096575cfdea102fdeda252665ff0381f_ppc64le",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:4974faad72c7c67e6d55f7bf8c9c2d752af17a2f48ef63153fe226b080d36132_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:abcdf8c79fe663805d3bd5e43ac73b0472b5dab8c9dd80c90e1cf54ff161f41f_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:6a2828505d9760b9d4f27d5eafa05db0d025b45787828bc5e125b7c75d1f329f_arm64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:9011ffee4064e0f466d6bc27c54f60ec2e1f041d1240548101d9ed9e0254df12_amd64",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a1bfde47d53ed34e899229870228ce35230fa216ade3e348befd9b77c2c7ceea_s390x",
"Cert Manager support for Red Hat OpenShift release 1.17:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c73275043cc2caad071a88cb63f3745471fae11a953291b3dd93db4d752b1b13_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5807
Vulnerability from csaf_redhat - Published: 2026-03-25 12:32 - Updated: 2026-07-03 11:01A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
A path traversal flaw has been discovered in the keras Python library. when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A path traversal flaw has been discovered in Keras. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
A path traversal and arbitrary file overwrite vulnerability has been identified in Argo Workflows during the extraction of archived artifacts, where symbolic links inside a crafted archive are not safely validated before file extraction. An attacker could exploit this flaw by submitting a malicious archive containing symbolic links that point outside the intended extraction directory, causing files to be written or overwritten in unintended locations within the workflow pod. Successful exploitation may allow an attacker to overwrite execution control files and achieve arbitrary command execution during pod startup.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A denial of service flaw has been discovered in the flatted npm library. flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.16.4 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5807",
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-25621",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12060",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12638",
"url": "https://access.redhat.com/security/cve/CVE-2025-12638"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6193",
"url": "https://access.redhat.com/security/cve/CVE-2025-6193"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66626",
"url": "https://access.redhat.com/security/cve/CVE-2025-66626"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68156",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1526",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1528",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2229",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25223",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32141",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5807.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.16.4 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2026-07-03T11:01:32+00:00",
"generator": {
"date": "2026-07-03T11:01:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5807",
"initial_release_date": "2026-03-25T12:32:51+00:00",
"revision_history": [
{
"date": "2026-03-25T12:32:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-25T12:33:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.16",
"product": {
"name": "Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.16::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3Ab68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282100"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3Afd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3A4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774288148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3A64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282078"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3Ab26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3A9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282134"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel8@sha256%3Af38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3Ac46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282268"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3A0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282328"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3Ab82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3A9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3A87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3A07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774283932"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Aace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282095"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel8@sha256%3Aa880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774286327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel8@sha256%3A14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282092"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3Aa291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774283191"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3Aae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282244"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3Aabdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282058"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3Aaa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282170"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3A9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774296584"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel8-operator@sha256%3A2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774293140"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel8@sha256%3A6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3A297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774285579"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3A92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282073"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2025-11-06T19:01:04.402278+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2413190"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd local privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "RHBZ#2413190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/blob/main/docs/rootless.md",
"url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5",
"url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
}
],
"release_date": "2025-11-06T18:36:21.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "The system administrator on the host can manually chmod the directories to not\nhave group or world accessible permissions:\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\nAn alternative mitigation would be to run containerd in rootless mode.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd local privilege escalation"
},
{
"cve": "CVE-2025-6193",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-06-20T14:05:07.010000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374032"
}
],
"notes": [
{
"category": "description",
"text": "A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod\u0027s terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "trustyai-explainability: command injection via LMEvalJob CR",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6193"
},
{
"category": "external",
"summary": "RHBZ#2374032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374032"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6193"
},
{
"category": "external",
"summary": "https://github.com/trustyai-explainability/trustyai-service-operator/pull/504",
"url": "https://github.com/trustyai-explainability/trustyai-service-operator/pull/504"
}
],
"release_date": "2025-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "trustyai-explainability: command injection via LMEvalJob CR"
},
{
"cve": "CVE-2025-12060",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-30T18:01:32.193676+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407443"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the keras Python library. when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python\u0027s tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Keras Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "RHBZ#2407443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21760",
"url": "https://github.com/keras-team/keras/pull/21760"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"
}
],
"release_date": "2025-10-30T17:10:43.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Keras Path Traversal Vulnerability"
},
{
"cve": "CVE-2025-12638",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-11-28T15:01:10.693633+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417711"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in Keras. The vulnerability arises because the function uses Python\u0027s tarfile.extractall() method without the security-critical filter=\u0027data\u0027 parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Path Traversal Vulnerability in keras",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12638"
},
{
"category": "external",
"summary": "RHBZ#2417711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951",
"url": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4",
"url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4"
}
],
"release_date": "2025-11-28T14:06:02.069000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Path Traversal Vulnerability in keras"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66626",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2025-12-09T21:01:10.560389+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420818"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal and arbitrary file overwrite vulnerability has been identified in Argo Workflows during the extraction of archived artifacts, where symbolic links inside a crafted archive are not safely validated before file extraction. An attacker could exploit this flaw by submitting a malicious archive containing symbolic links that point outside the intended extraction directory, causing files to be written or overwritten in unintended locations within the workflow pod. Successful exploitation may allow an attacker to overwrite execution control files and achieve arbitrary command execution during pod startup.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/argoproj/argo-workflows: argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as High severity (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H, 8.3) because an attacker with basic workflow submission privileges can supply a specially crafted archive that is automatically extracted without proper validation. The attack complexity is low and does not require user interaction once the malicious workflow is submitted. Successful exploitation allows arbitrary file overwrite within the affected pod, including critical execution files, which can result in code execution at pod startup. While the impact is generally limited to the compromised pod and does not directly lead to host-level compromise, the integrity and availability impacts within the container are significant, justifying a High severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66626"
},
{
"category": "external",
"summary": "RHBZ#2420818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420818"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66626",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66626"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66626",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66626"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-p84v-gxvw-73pf",
"url": "https://github.com/advisories/GHSA-p84v-gxvw-73pf"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037",
"url": "https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1",
"url": "https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh"
}
],
"release_date": "2025-12-09T20:19:14.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/argoproj/argo-workflows: argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links"
},
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-25223",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2026-02-03T22:01:19.884891+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436560"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Fastify, a Node.js web framework, allows remote attackers to bypass request body validation by manipulating the Content-Type header. This can lead to unexpected data processing and integrity issues in applications. Red Hat products such as Red Hat Enterprise Linux AI, Red Hat OpenShift AI, and Red Hat OpenShift Dev Spaces are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "RHBZ#2436560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436560"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization",
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821",
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq",
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3464114",
"url": "https://hackerone.com/reports/3464114"
}
],
"release_date": "2026-02-03T21:21:40.268000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32141",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T19:01:30.987208+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447083"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the flatted npm library. flatted\u0027s parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatted: flatted: Unbounded recursion DoS in parse() revive phase",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "RHBZ#2447083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606",
"url": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/pull/88",
"url": "https://github.com/WebReflection/flatted/pull/88"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f",
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f"
}
],
"release_date": "2026-03-12T18:08:09.634000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "flatted: flatted: Unbounded recursion DoS in parse() revive phase"
}
]
}
RHSA-2026:5851
Vulnerability from csaf_redhat - Published: 2026-03-25 23:56 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "DevWorkspace Operator 0.40.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The DevWorkspace Operator extends OpenShift to provide DevWorkspace support.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5851",
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/CRW-10575",
"url": "https://redhat.atlassian.net/browse/CRW-10575"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5851.json"
}
],
"title": "Red Hat Security Advisory: DevWorkspace Operator 0.40.0 release.",
"tracking": {
"current_release_date": "2026-07-03T11:01:32+00:00",
"generator": {
"date": "2026-07-03T11:01:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5851",
"initial_release_date": "2026-03-25T23:56:41+00:00",
"revision_history": [
{
"date": "2026-03-25T23:56:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-25T23:56:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "DevWorkspace Operator 0.4",
"product": {
"name": "DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:devworkspace:0.40::el9"
}
}
}
],
"category": "product_family",
"name": "DevWorkspace Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-operator-bundle@sha256%3Ab22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773959130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773527262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953548"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3Aab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773527262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953548"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3Ade7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773527262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3Abf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953548"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773527262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953548"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T23:56:41+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T23:56:41+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T23:56:41+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T23:56:41+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5852
Vulnerability from csaf_redhat - Published: 2026-03-26 00:58 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5852",
"url": "https://access.redhat.com/errata/RHSA-2026:5852"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5852.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-07-03T11:01:32+00:00",
"generator": {
"date": "2026-07-03T11:01:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5852",
"initial_release_date": "2026-03-26T00:58:34+00:00",
"revision_history": [
{
"date": "2026-03-26T00:58:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T00:58:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.src",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.src",
"product_id": "osbuild-composer-0:134.1-5.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-5.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-5.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-core-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-5.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-5.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-core-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T00:58:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5852"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T00:58:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5852"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:5853
Vulnerability from csaf_redhat - Published: 2026-03-26 01:05 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5853",
"url": "https://access.redhat.com/errata/RHSA-2026:5853"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5853.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-07-03T11:01:34+00:00",
"generator": {
"date": "2026-07-03T11:01:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5853",
"initial_release_date": "2026-03-26T01:05:19+00:00",
"revision_history": [
{
"date": "2026-03-26T01:05:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T01:05:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.src",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.src",
"product_id": "osbuild-composer-0:46.3-6.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@46.3-6.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@46.3-6.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@46.3-6.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-core-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@46.3-6.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T01:05:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5853"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T01:05:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5853"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:5866
Vulnerability from csaf_redhat - Published: 2026-04-01 09:29 - Updated: 2026-07-03 10:52A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.17.52 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.17.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.17.52. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2026:5907\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5866",
"url": "https://access.redhat.com/errata/RHSA-2026:5866"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5866.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.17.52 packages and security update",
"tracking": {
"current_release_date": "2026-07-03T10:52:28+00:00",
"generator": {
"date": "2026-07-03T10:52:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5866",
"initial_release_date": "2026-04-01T09:29:07+00:00",
"revision_history": [
{
"date": "2026-04-01T09:29:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-01T09:29:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T10:52:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.17",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.17::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.17",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"product": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"product_id": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-8.rhaos4.17.el8?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el8.src",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.src",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el8?arch=src\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el8?arch=src\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el9.src",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.src",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el9?arch=src\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el9?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"product": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"product_id": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-8.rhaos4.17.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-8.rhaos4.17.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-8.rhaos4.17.el8?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el8?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"product": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"product_id": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-4.rhaos4.17.el8?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"product": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"product_id": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-4.rhaos4.17.el8?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.17.el8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"product": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"product_id": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-4.rhaos4.17.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"product": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"product_id": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-4.rhaos4.17.el9?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.17.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product_id": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.16.1-5.rhaos4.17.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product_id": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.16.1-5.rhaos4.17.el9?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"product": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"product_id": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-8.rhaos4.17.el8?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-8.rhaos4.17.el8?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-8.rhaos4.17.el8?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el8?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"product": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"product_id": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-4.rhaos4.17.el8?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"product": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"product_id": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-4.rhaos4.17.el8?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.17.el8?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"product": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"product_id": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-4.rhaos4.17.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"product": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"product_id": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-4.rhaos4.17.el9?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.17.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product_id": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.16.1-5.rhaos4.17.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product_id": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.16.1-5.rhaos4.17.el9?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"product": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"product_id": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-8.rhaos4.17.el8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-8.rhaos4.17.el8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-8.rhaos4.17.el8?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el8?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"product": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"product_id": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-4.rhaos4.17.el8?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"product_id": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-4.rhaos4.17.el8?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.17.el8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"product": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"product_id": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-4.rhaos4.17.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"product": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"product_id": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-4.rhaos4.17.el9?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.17.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product_id": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.16.1-5.rhaos4.17.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product_id": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.16.1-5.rhaos4.17.el9?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"product": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"product_id": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-8.rhaos4.17.el8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-8.rhaos4.17.el8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-8.rhaos4.17.el8?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el8?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"product": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"product_id": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-4.rhaos4.17.el8?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"product": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"product_id": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-4.rhaos4.17.el8?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.17.el8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"product": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"product_id": "runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc@1.2.9-4.rhaos4.17.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"product": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"product_id": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debugsource@1.2.9-4.rhaos4.17.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"product": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"product_id": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/runc-debuginfo@1.2.9-4.rhaos4.17.el9?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"product": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"product_id": "skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.16.1-5.rhaos4.17.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"product": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"product_id": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.16.1-5.rhaos4.17.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"product": {
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"product_id": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.16.1-5.rhaos4.17.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"product_id": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.16.1-5.rhaos4.17.el9?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64"
},
"product_reference": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le"
},
"product_reference": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x"
},
"product_reference": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src"
},
"product_reference": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64"
},
"product_reference": "containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.src as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64"
},
"product_reference": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x"
},
"product_reference": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64"
},
"product_reference": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64"
},
"product_reference": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le"
},
"product_reference": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x"
},
"product_reference": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64"
},
"product_reference": "runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.src as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.src as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el9.src",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-4:1.2.9-4.rhaos4.17.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64"
},
"product_reference": "runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64"
},
"product_reference": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le"
},
"product_reference": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x"
},
"product_reference": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64"
},
"product_reference": "runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64"
},
"product_reference": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le"
},
"product_reference": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x"
},
"product_reference": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64"
},
"product_reference": "runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.src as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64"
},
"product_reference": "skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x"
},
"product_reference": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"relates_to_product_reference": "9Base-RHOSE-4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64 as a component of Red Hat OpenShift Container Platform 4.17",
"product_id": "9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
},
"product_reference": "skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64",
"relates_to_product_reference": "9Base-RHOSE-4.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-01T09:29:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/",
"product_ids": [
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5866"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-01T09:29:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/",
"product_ids": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5866"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-01T09:29:07+00:00",
"details": "For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/",
"product_ids": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5866"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:containernetworking-plugins-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debuginfo-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:containernetworking-plugins-debugsource-1:1.4.0-8.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.src",
"8Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el8.x86_64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.aarch64",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.ppc64le",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.s390x",
"8Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el8.x86_64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:runc-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debuginfo-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:runc-debugsource-4:1.2.9-4.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.src",
"9Base-RHOSE-4.17:skopeo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debuginfo-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-debugsource-2:1.16.1-5.rhaos4.17.el9.x86_64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.aarch64",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.ppc64le",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.s390x",
"9Base-RHOSE-4.17:skopeo-tests-2:1.16.1-5.rhaos4.17.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5968
Vulnerability from csaf_redhat - Published: 2026-03-26 19:47 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 | — |
Workaround
|
A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 | — |
Workaround
|
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 | — |
Workaround
|
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new release is now available for Red Hat Satellite 6.18 for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\n\nSecurity Fix(es):\n\n* yggdrasil-worker-forwarder: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n* yggdrasil-worker-forwarder: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n* yggdrasil-worker-forwarder: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n* rubygem-rubyipmi: Remote Code Execution in rubyipmi via malicious BMC username (CVE-2026-0980)\n* rubygem-foreman_kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification (CVE-2026-1531)\n* foreman: Foreman: Remote Code Execution via command injection in WebSocket proxy (CVE-2026-1961)\n* rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection (CVE-2026-4324)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5968",
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "SAT-41530",
"url": "https://issues.redhat.com/browse/SAT-41530"
},
{
"category": "external",
"summary": "SAT-42707",
"url": "https://issues.redhat.com/browse/SAT-42707"
},
{
"category": "external",
"summary": "SAT-42708",
"url": "https://issues.redhat.com/browse/SAT-42708"
},
{
"category": "external",
"summary": "SAT-42710",
"url": "https://issues.redhat.com/browse/SAT-42710"
},
{
"category": "external",
"summary": "SAT-42711",
"url": "https://issues.redhat.com/browse/SAT-42711"
},
{
"category": "external",
"summary": "SAT-42712",
"url": "https://issues.redhat.com/browse/SAT-42712"
},
{
"category": "external",
"summary": "SAT-42713",
"url": "https://issues.redhat.com/browse/SAT-42713"
},
{
"category": "external",
"summary": "SAT-42714",
"url": "https://issues.redhat.com/browse/SAT-42714"
},
{
"category": "external",
"summary": "SAT-42715",
"url": "https://issues.redhat.com/browse/SAT-42715"
},
{
"category": "external",
"summary": "SAT-42716",
"url": "https://issues.redhat.com/browse/SAT-42716"
},
{
"category": "external",
"summary": "SAT-42717",
"url": "https://issues.redhat.com/browse/SAT-42717"
},
{
"category": "external",
"summary": "SAT-42718",
"url": "https://issues.redhat.com/browse/SAT-42718"
},
{
"category": "external",
"summary": "SAT-43310",
"url": "https://issues.redhat.com/browse/SAT-43310"
},
{
"category": "external",
"summary": "SAT-43742",
"url": "https://issues.redhat.com/browse/SAT-43742"
},
{
"category": "external",
"summary": "SAT-43743",
"url": "https://issues.redhat.com/browse/SAT-43743"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5968.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.18.4 Async Update",
"tracking": {
"current_release_date": "2026-07-03T11:01:35+00:00",
"generator": {
"date": "2026-07-03T11:01:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5968",
"initial_release_date": "2026-03-26T19:47:53+00:00",
"revision_history": [
{
"date": "2026-03-26T19:47:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T19:47:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product": {
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.18::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product": {
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.18::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product": {
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.16.0.12-1.el9sat.src",
"product": {
"name": "foreman-0:3.16.0.12-1.el9sat.src",
"product_id": "foreman-0:3.16.0.12-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.16.0.12-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"product": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"product_id": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.16.0.6-1.el9sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-0:4.2.29-1.el9pc.src",
"product": {
"name": "python3.12-django-0:4.2.29-1.el9pc.src",
"product_id": "python3.12-django-0:4.2.29-1.el9pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django@4.2.29-1.el9pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"product": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"product_id": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-container@2.24.5-1.el9pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"product": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"product_id": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulpcore@3.73.26-1.el9pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"product": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"product_id": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-rpm@3.29.9-1.el9pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"product": {
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"product_id": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_kubevirt@0.4.3-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.src",
"product": {
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.src",
"product_id": "rubygem-katello-0:4.18.0.9-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.18.0.9-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"product": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"product_id": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rubyipmi@0.13.0-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.18.4-2.el9sat.src",
"product": {
"name": "satellite-0:6.18.4-2.el9sat.src",
"product_id": "satellite-0:6.18.4-2.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.18.4-2.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-4.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"product": {
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"product_id": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@12.2.17-1.el9sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-pcp@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-redis@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-service-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-service-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"product": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"product_id": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.16.0.6-1.el9sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"product": {
"name": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"product_id": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer-katello@3.16.0.6-1.el9sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"product": {
"name": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"product_id": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django@4.2.29-1.el9pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"product": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"product_id": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-container@2.24.5-1.el9pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"product": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"product_id": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulpcore@3.73.26-1.el9pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"product": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"product_id": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-rpm@3.29.9-1.el9pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"product": {
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"product_id": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_kubevirt@0.4.3-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"product": {
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"product_id": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.18.0.9-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"product": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"product_id": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rubyipmi@0.13.0-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-capsule-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-capsule-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-common-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-common-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-obsolete-packages@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"product": {
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"product_id": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@12.2.17-1.el9sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-4.el9sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.16.0.12-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src"
},
"product_reference": "foreman-0:3.16.0.12-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch"
},
"product_reference": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src"
},
"product_reference": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:4.2.29-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch"
},
"product_reference": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:4.2.29-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src"
},
"product_reference": "python3.12-django-0:4.2.29-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch"
},
"product_reference": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src"
},
"product_reference": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch"
},
"product_reference": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src"
},
"product_reference": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch"
},
"product_reference": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src"
},
"product_reference": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch"
},
"product_reference": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src"
},
"product_reference": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.18.4-2.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src"
},
"product_reference": "satellite-0:6.18.4-2.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-capsule-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-common-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.16.0.12-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src"
},
"product_reference": "foreman-0:3.16.0.12-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.18.4-2.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src"
},
"product_reference": "satellite-0:6.18.4-2.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.16.0.12-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src"
},
"product_reference": "foreman-0:3.16.0.12-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch"
},
"product_reference": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src"
},
"product_reference": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-service-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:4.2.29-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch"
},
"product_reference": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:4.2.29-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src"
},
"product_reference": "python3.12-django-0:4.2.29-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch"
},
"product_reference": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src"
},
"product_reference": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch"
},
"product_reference": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src"
},
"product_reference": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch"
},
"product_reference": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src"
},
"product_reference": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch"
},
"product_reference": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src"
},
"product_reference": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch"
},
"product_reference": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src"
},
"product_reference": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch"
},
"product_reference": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src"
},
"product_reference": "rubygem-katello-0:4.18.0.9-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch"
},
"product_reference": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src"
},
"product_reference": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.18.4-2.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src"
},
"product_reference": "satellite-0:6.18.4-2.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-common-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64",
"relates_to_product_reference": "9Base-satellite-6.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-0980",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-01-15T08:50:01.841000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429874"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat Satellite because it requires the BMC component to be enabled and configured to use `ipmitool` as the IPMI implementation. An authenticated attacker with host creation or update permissions can exploit this by crafting a malicious BMC username. Exploitation is limited to environments meeting these specific configuration and permission requirements.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0980"
},
{
"category": "external",
"summary": "RHBZ#2429874",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429874"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0980"
}
],
"release_date": "2020-01-15T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username"
},
{
"acknowledgments": [
{
"names": [
"Evgeni Golov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-1531",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-01-28T12:50:13.269000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT flaw in foreman_kubevirt where the default configuration for connecting to OpenShift disables SSL verification if a CA certificate is not explicitly provided. This insecure default allows a remote attacker to perform a Man-in-the-Middle attack by intercepting network traffic between Satellite and OpenShift, potentially leading to information disclosure or alteration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1531"
},
{
"category": "external",
"summary": "RHBZ#2433786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1531",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1531"
}
],
"release_date": "2026-01-28T12:34:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that a Certificate Authority (CA) certificate is explicitly configured when setting up the connection to OpenShift in foreman_kubevirt. This will enable SSL verification and prevent Man-in-the-Middle attacks. Refer to the foreman_kubevirt documentation for specific instructions on configuring CA certificates. A restart or service reload may be required for the changes to take effect.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification"
},
{
"acknowledgments": [
{
"names": [
"Houssam Sahli"
]
}
],
"cve": "CVE-2026-1961",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-02-05T10:40:57.141000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman\u0027s WebSocket proxy implementation. This vulnerability arises from the system\u0027s use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "forman: Foreman: Remote Code Execution via command injection in WebSocket proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated as Important. Command injection vulnerability in Foreman\u0027s WebSocket proxy. Exploitation occurs when an administrator configures a malicious compute resource server and subsequently accesses its VM console functionality. Successful exploitation can lead to remote code execution on the Foreman server, potentially compromising sensitive credentials and the entire managed infrastructure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1961"
},
{
"category": "external",
"summary": "RHBZ#2437036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1961"
}
],
"release_date": "2026-03-26T12:30:45.446000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "forman: Foreman: Remote Code Execution via command injection in WebSocket proxy"
},
{
"cve": "CVE-2026-4324",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-03-17T12:28:40.127000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448349"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Katello plugin for Red Hat Satellite allows an attacker to inject arbitrary SQL commands into the `/api/hosts/bootc_images` API endpoint. By manipulating the `sort_by` parameter, an attacker could trigger database errors, cause a Denial of Service, or potentially perform Boolean-based Blind SQL injection. This affects Red Hat Satellite installations utilizing the Katello plugin.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4324"
},
{
"category": "external",
"summary": "RHBZ#2448349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448349"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4324"
}
],
"release_date": "2026-03-17T13:18:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection"
}
]
}
RHSA-2026:6184
Vulnerability from csaf_redhat - Published: 2026-03-30 13:41 - Updated: 2026-07-03 11:01A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Data Foundation 4.19.13 security, enhancement \u0026 bug fix update",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation 4.19.13 security, enhancement \u0026 bug fix update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6184",
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6184.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.19.13 security, enhancement \u0026 bug fix update",
"tracking": {
"current_release_date": "2026-07-03T11:01:35+00:00",
"generator": {
"date": "2026-07-03T11:01:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6184",
"initial_release_date": "2026-03-30T13:41:49+00:00",
"revision_history": [
{
"date": "2026-03-30T13:41:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-16T09:34:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Openshift Data Foundation 4.19",
"product": {
"name": "Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.19::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Openshift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379712"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3Ae527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-operator-bundle@sha256%3A1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"product_id": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256%3A09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256%3A74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Aa3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Aea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"product_id": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256%3A7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439395"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3Ae41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Ab900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Aee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256%3Abed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"product_id": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-dependencies-operator-bundle@sha256%3Abb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Ad5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256%3Ab865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439406"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"product_id": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256%3A1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"product_id": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-prometheus-operator-bundle@sha256%3A05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439421"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"product_id": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256%3A146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439418"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"product_id": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256%3A0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"product_id": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-recipe-operator-bundle@sha256%3A527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439451"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Abd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-operator-bundle@sha256%3A6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439437"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379712"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3A65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Af6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Adf81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3Ab8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379712"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3Ae957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Aacdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3Ab5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3Ae03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Abf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3Aee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Aa04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3A1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Aef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Aae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3Af05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Ada49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Aa9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T13:41:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.19/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T13:41:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.19/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:6192
Vulnerability from csaf_redhat - Published: 2026-03-30 15:41 - Updated: 2026-07-03 11:01A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Traefik's plugin installation mechanism. This vulnerability allows remote code execution, privilege escalation, persistence, or application-level denial of service via a crafted ZIP archive exploiting a path traversal vector.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with "acme-tls/1" before ceasing communication, a malicious client can indefinitely tie up system resources such as "go routines" (lightweight threads) and file descriptors. This leads to a Denial of Service (DoS) of the entry point, making the service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest (STARTTLS) prelude and then intentionally delaying further communication. This action bypasses Traefik's configured read timeouts, causing connections to remain open indefinitely. The primary consequence is a Denial of Service, as the server's resources become exhausted by these persistent, non-responsive connections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.27.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\nThe 3.27 release is based on Eclipse Che 7.115 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\nUsers still using the v1 standard should migrate as soon as possible.\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\nDev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6192",
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.27/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.27/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-54386",
"url": "https://access.redhat.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1002",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22045",
"url": "https://access.redhat.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23745",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23950",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24842",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25223",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25949",
"url": "https://access.redhat.com/security/cve/CVE-2026-25949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26960",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6192.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.27.0 Release.",
"tracking": {
"current_release_date": "2026-07-03T11:01:36+00:00",
"generator": {
"date": "2026-07-03T11:01:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6192",
"initial_release_date": "2026-03-30T15:41:48+00:00",
"revision_history": [
{
"date": "2026-03-30T15:41:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-30T15:41:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3.27",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.27::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Adf538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ad0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ab260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ade4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ad160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ab47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Addbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ae9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Af6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Adb2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Acad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Aacaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ac82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Aaae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Ac51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ab5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Ae139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Aed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Aef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3Ad25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774609756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ab6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Acef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ae5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Ae095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-54386",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-02T00:00:54.513784+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2386070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik\u0027s plugin installation mechanism. This vulnerability allows remote code execution, privilege escalation, persistence, or application-level denial of service via a crafted ZIP archive exploiting a path traversal vector.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "RHBZ#2386070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-54386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-54386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54386"
},
{
"category": "external",
"summary": "https://github.com/traefik/plugin-service/pull/71",
"url": "https://github.com/traefik/plugin-service/pull/71"
},
{
"category": "external",
"summary": "https://github.com/traefik/plugin-service/pull/72",
"url": "https://github.com/traefik/plugin-service/pull/72"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800",
"url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/pull/11911",
"url": "https://github.com/traefik/traefik/pull/11911"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.28",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.28"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"
}
],
"release_date": "2025-08-01T23:32:21.747000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1002",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-01-15T21:03:20.088599+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430180"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows a remote attacker to block access to specific static files, such as images, CSS or HTML files. However, the underlying Vert.x server, the API endpoints and other non-cached resources are not affected. Due to this reason, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "RHBZ#2430180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5895",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
}
],
"release_date": "2026-01-15T20:50:25.642000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, consider disabling the static handler cache by configuring the StaticHandler instance with setCachingEnabled(false), for example:\n\n~~~\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\n~~~",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files"
},
{
"cve": "CVE-2026-22045",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-15T23:01:12.589198+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430198"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with \"acme-tls/1\" before ceasing communication, a malicious client can indefinitely tie up system resources such as \"go routines\" (lightweight threads) and file descriptors. This leads to a Denial of Service (DoS) of the entry point, making the service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik: Denial of Service via ACME TLS-ALPN fast path resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. In the Red Hat context, this flaw affects Traefik as deployed in Red Hat OpenShift Dev Spaces. An unauthenticated attacker can exploit the ACME TLS-ALPN fast path to exhaust system resources, leading to a denial of service of the entry point.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "RHBZ#2430198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430198"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22045"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22045",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22045"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/e9f3089e9045812bcf1b410a9d40568917b26c3d",
"url": "https://github.com/traefik/traefik/commit/e9f3089e9045812bcf1b410a9d40568917b26c3d"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.35",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.35"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.7",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.7"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq"
}
],
"release_date": "2026-01-15T22:44:05.423000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: Traefik: Denial of Service via ACME TLS-ALPN fast path resource exhaustion"
},
{
"cve": "CVE-2026-23745",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-16T23:01:26.508727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the node-tar library. The flaw allows an attacker to perform arbitrary file overwrite and symlink poisoning by crafting malicious tar archives. This occurs due to insufficient path sanitization of hardlink and symbolic link entries, even when the default secure behavior (preservePaths is false) is enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "RHBZ#2430538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e",
"url": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97"
}
],
"release_date": "2026-01-16T22:00:08.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
},
{
"cve": "CVE-2026-23950",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-01-20T02:00:55.870044+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The `node-tar` library is susceptible to a race condition due to incomplete handling of Unicode path collisions, which can lead to arbitrary file overwrites via symlink poisoning. However, this issue primarily affects case-insensitive or normalization-insensitive filesystems. Red Hat Enterprise Linux and other Red Hat products typically utilize case-sensitive filesystems, which may limit the direct impact of this flaw in default configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "RHBZ#2431036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6",
"url": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w"
}
],
"release_date": "2026-01-20T00:40:48.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-24842",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-28T01:01:16.886629+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT vulnerability in node-tar, a Node.js module for handling TAR archives. The flaw allows an attacker to bypass path traversal protections by crafting a malicious TAR archive. This could lead to the creation of hardlinks to arbitrary files outside the intended extraction directory, potentially resulting in unauthorized information disclosure or further system compromise in affected Red Hat products utilizing node-tar for archive processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "RHBZ#2433645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
"url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
}
],
"release_date": "2026-01-28T00:20:13.261000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
},
{
"cve": "CVE-2026-25223",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2026-02-03T22:01:19.884891+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436560"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Fastify, a Node.js web framework, allows remote attackers to bypass request body validation by manipulating the Content-Type header. This can lead to unexpected data processing and integrity issues in applications. Red Hat products such as Red Hat Enterprise Linux AI, Red Hat OpenShift AI, and Red Hat OpenShift Dev Spaces are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "RHBZ#2436560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436560"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization",
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821",
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq",
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3464114",
"url": "https://hackerone.com/reports/3464114"
}
],
"release_date": "2026-02-03T21:21:40.268000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25949",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-12T21:01:13.761844+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest (STARTTLS) prelude and then intentionally delaying further communication. This action bypasses Traefik\u0027s configured read timeouts, causing connections to remain open indefinitely. The primary consequence is a Denial of Service, as the server\u0027s resources become exhausted by these persistent, non-responsive connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/traefik/traefik: Traefik: Denial of Service via stalled STARTTLS requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT denial of service flaw in Traefik, an HTTP reverse proxy and load balancer, affecting Red Hat OpenShift Dev Spaces. An unauthenticated client can exploit this by sending a specific STARTTLS request and then stalling, which bypasses configured read timeouts and causes connections to remain open indefinitely, leading to resource exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25949"
},
{
"category": "external",
"summary": "RHBZ#2439522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25949"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678",
"url": "https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.8",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.8"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w"
}
],
"release_date": "2026-02-12T20:01:19.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/traefik/traefik: Traefik: Denial of Service via stalled STARTTLS requests"
},
{
"cve": "CVE-2026-26960",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-20T02:01:07.883769+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat environments, this condition introduces a significant constraint, as exploitation requires user interaction and reliance on unsafe handling of externally supplied archives. The attack is not remotely exploitable in isolation and depends on a user or service processing attacker-controlled input.\n\nFurthermore, the impact of the vulnerability is limited to the privileges of the extracting process. In typical Red Hat deployments, archive extraction is performed by non-privileged users or within confined environments such as containers or restricted service contexts, which limits the scope of potential damage.\n\nRed Hat analysis also notes that this issue does not provide a direct mechanism for code execution or privilege escalation, but rather enables file system manipulation within the boundaries of the executing user\u2019s permissions.\n\nGiven the requirement for user-assisted exploitation, the absence of a direct remote attack vector, and the confinement of impact to the privileges of the extracting process, Red Hat considers the practical risk to be lower than the generalized NVD assessment. As a result, this vulnerability is classified as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "RHBZ#2441253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384",
"url": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f",
"url": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx"
}
],
"release_date": "2026-02-20T01:07:52.979000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
}
]
}
RHSA-2026:6226
Vulnerability from csaf_redhat - Published: 2026-03-31 02:53 - Updated: 2026-07-03 11:01A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program the library is being used in.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: 'stream'.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.6.2 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6226",
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-57810",
"url": "https://access.redhat.com/security/cve/CVE-2025-57810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59343",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27571",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6226.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.6.2 security update",
"tracking": {
"current_release_date": "2026-07-03T11:01:36+00:00",
"generator": {
"date": "2026-07-03T11:01:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6226",
"initial_release_date": "2026-03-31T02:53:32+00:00",
"revision_history": [
{
"date": "2026-03-31T02:53:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-31T02:53:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T11:01:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.6.2",
"product": {
"name": "Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.6::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ab7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Af244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774364330"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ad4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ab59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Acbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ab5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650060"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774245716"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1774362315"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Abe5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649712"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64 as a component of Multicluster Global Hub 1.6.2",
"product_id": "Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-57810",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-26T16:01:25.508363+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2391077"
}
],
"notes": [
{
"category": "description",
"text": "An excessive resource consumption flaw has been discovered in the jsPDF npm library. Passing a maliciously crafted PNG file to the library may result in high CPU usage and a denial of service of the program the library is being used in.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jspdf: jsPDF Denial of Service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability impact of this flaw is limited on Red Hat systems as the host operating system is not at risk of degradation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-57810"
},
{
"category": "external",
"summary": "RHBZ#2391077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391077"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57810"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9",
"url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/pull/3880",
"url": "https://github.com/parallax/jsPDF/pull/3880"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2",
"url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
},
{
"category": "external",
"summary": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw",
"url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
}
],
"release_date": "2025-08-26T15:37:28.071000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jspdf: jsPDF Denial of Service (DoS)"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.\nThis path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: \u0027stream\u0027.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-59343",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-24T18:01:19.612438+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397901"
}
],
"notes": [
{
"category": "description",
"text": "A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs symlink validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "RHBZ#2397901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
}
],
"release_date": "2025-09-24T17:43:34.728000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs symlink validation bypass"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-27571",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-24T17:04:11.684134+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442401"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: WebSockets pre-auth memory DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not require valid NATS credentials to be exploited as the use of compression is negotiated before the authentication process. However, only deployments using WebSockets and that are exposed to untrusted network endpoints are vulnerable to this issue, limiting its exposure. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "RHBZ#2442401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27571",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27571"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017",
"url": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw"
}
],
"release_date": "2026-02-24T15:59:17.926000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T02:53:32+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4736201438be34ef50de48b9a3d66db5afc5e5831f43c03b0997868601f6a9df_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:4bc7e3ff6dbf302216dc178f810b05d7a2111dc282f0f750756cf0bf6087500a_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:7a15c7d86a736b47e5622eab05a3afc503211987f6f43a3dbc84e78bbf669571_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:f244199ed6bfaa0b2402a94d1b68b7249cf3eda9d0147316c3d8879d1f897986_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:3ad24c00931c4024f1acf777d5b4abe874fd90f41a7d16053b11b0a24542ff97_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:437e02ffbc088d65e6697c2fd1d45ffd52c24828846a793661eacf2a26e297bc_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:b7a0ed5f55190d1688180a775074916bb6f3a4cb4dde71b48481c9858b514b7e_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:2e122bde4ebe81137cc444ee6f320bdb9ecc44f04a6f7cc8bddc4118cefcf93c_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:4bc6678736ae57b9980042fa1890226fa0e9850c780815ec641425af6c24c121_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:78651ded14b7828ba304579cc335543b993b395d0725c1980ea388b2130076d2_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:cbeb3fb1de219e3e515ba7e02f34836ebd1717d2dced4a6f1f46058f57e6d5eb_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:9ce0cdeed264fe07ae4372d898bf4842aa54983206967748d00bdc835555d25f_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:239e83fb26062ff6f3f7a50e299e54e272e6342660bb3f387f952edf9e354763_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:39c70f4fcd2ad2bb8495de3e748f8ec60d0dad9e2f7e4d41ebcfde777d99cc0c_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:9d6c8bd778da4dd6e45730d8a6c00b8e24e930de6c7b64461d348315495134f4_amd64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:be5fe7a5bb171515bbdd7f747f76aa0cf8486ed62f7a1ee80405b602a810aef7_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:48c808f50398202bcac609f760af2289df8e190cdf6c51165debe4354602573b_arm64",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b59011fdb03a6f9696d6a27b35fd05f0cdb87243e4aac824a309ff8e077361c6_ppc64le",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:b5eb668bca1c305eb096d72da69bcb7588e5da5ccd4a6ca765f9075f38699a7a_s390x",
"Multicluster Global Hub 1.6.2:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:d4329b36c0c1dda7dbbcfeb826b045df9d1aadd4d606ac62a70a8f7740c445d5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: WebSockets pre-auth memory DoS"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.