CVE-2024-12905 (GCVE-0-2024-12905)
Vulnerability from cvelistv5 – Published: 2025-03-27 16:25 – Updated: 2025-11-03 19:29

| URL | Tags |
|---|---|
| https://github.com/mafintosh/tar-fs/commit/a1dd7e… | patch |
| https://www.seal.security/blog/a-link-to-the-past… | technical-description |
| https://lists.debian.org/debian-lts-announce/2025… | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T18:21:53.061002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T18:25:53.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:29:11.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://registry.npmjs.org",
"defaultStatus": "unaffected",
"packageName": "tar-fs",
"programFiles": [
"index.js"
],
"repo": "https://github.com/mafintosh/tar-fs",
"versions": [
{
"changes": [
{
"at": "1.16.4",
"status": "unaffected"
}
],
"lessThan": "1.16.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "2.1.2",
"status": "unaffected"
}
],
"lessThan": "2.1.2",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.0.8",
"status": "unaffected"
}
],
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@bnbdr"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An \u003cstrong\u003eImproper Link Resolution Before File Access (\"Link Following\")\u003c/strong\u003e and \u003cstrong\u003eImproper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\")\u003c/strong\u003e. This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with \u003ccode\u003eindex.js\u003c/code\u003e in the \u003ccode\u003etar-fs\u003c/code\u003e package.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\u003c/p\u003e"
}
],
"value": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-20T15:42:44.814Z",
"orgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"shortName": "seal"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
},
{
"tags": [
"technical-description"
],
"url": "https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"assignerShortName": "seal",
"cveId": "CVE-2024-12905",
"datePublished": "2025-03-27T16:25:34.410Z",
"dateReserved": "2024-12-23T13:53:01.494Z",
"dateUpdated": "2025-11-03T19:29:11.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-12905",
"date": "2026-06-04",
"epss": "0.00806",
"percentile": "0.74504"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-12905\",\"sourceIdentifier\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"published\":\"2025-03-27T17:15:53.250\",\"lastModified\":\"2025-11-03T20:16:08.077\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Link Resolution Before File Access (\\\"Link Following\\\") and Improper Limitation of a Pathname to a Restricted Directory (\\\"Path Traversal\\\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\\n\\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\"},{\"lang\":\"es\",\"value\":\"Resoluci\u00f3n incorrecta de enlaces antes del acceso a archivos (\\\"Link Following\\\") y limitaci\u00f3n incorrecta de una ruta a un directorio restringido (\\\"Path Traversal\\\"). Esta vulnerabilidad se produce al extraer un archivo tar manipulado con fines maliciosos, lo que puede provocar escrituras o sobrescrituras no autorizadas de archivos fuera del directorio de extracci\u00f3n previsto. El problema est\u00e1 asociado con index.js en el paquete tar-fs. 
Este problema afecta a tar-fs: desde la versi\u00f3n 0.0.0 hasta la 1.16.4, desde la versi\u00f3n 2.0.0 hasta la 2.1.2, desde la versi\u00f3n 3.0.0 hasta la 3.0.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"references\":[{\"url\":\"https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed\",\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\"},{\"url\":\"https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs\",\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T19:29:11.810Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12905\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-27T18:21:53.061002Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-27T18:24:06.268Z\"}}], \"cna\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"@bnbdr\"}], \"impacts\": [{\"capecId\": \"CAPEC-132\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-132 Symlink Attack\"}]}, {\"capecId\": \"CAPEC-126\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-126 Path Traversal\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/mafintosh/tar-fs\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"1.16.4\", \"status\": \"unaffected\"}], \"version\": \"0.0.0\", \"lessThan\": \"1.16.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"changes\": [{\"at\": 
\"2.1.2\", \"status\": \"unaffected\"}], \"version\": \"2.0.0\", \"lessThan\": \"2.1.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.0.8\", \"status\": \"unaffected\"}], \"version\": \"3.0.0\", \"lessThan\": \"3.0.8\", \"versionType\": \"semver\"}], \"packageName\": \"tar-fs\", \"programFiles\": [\"index.js\"], \"collectionURL\": \"https://registry.npmjs.org\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs\", \"tags\": [\"technical-description\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Link Resolution Before File Access (\\\"Link Following\\\") and Improper Limitation of a Pathname to a Restricted Directory (\\\"Path Traversal\\\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\\n\\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An \u003cstrong\u003eImproper Link Resolution Before File Access (\\\"Link Following\\\")\u003c/strong\u003e and \u003cstrong\u003eImproper Limitation of a Pathname to a Restricted Directory (\\\"Path Traversal\\\")\u003c/strong\u003e. This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. 
The issue is associated with \u003ccode\u003eindex.js\u003c/code\u003e in the \u003ccode\u003etar-fs\u003c/code\u003e package.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"22e2d327-25fe-45d7-9f0c-dcd23b7108df\", \"shortName\": \"seal\", \"dateUpdated\": \"2025-04-20T15:42:44.814Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-12905\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T19:29:11.810Z\", \"dateReserved\": \"2024-12-23T13:53:01.494Z\", \"assignerOrgId\": \"22e2d327-25fe-45d7-9f0c-dcd23b7108df\", \"datePublished\": \"2025-03-27T16:25:34.410Z\", \"assignerShortName\": \"seal\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Red Hat Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11 (Debian GNU/Linux), 12 (Debian GNU/Linux), - (OpenShift Serverless), - (Logging subsystem for Red Hat OpenShift), - (Red Hat Developer Hub), \u043e\u0442 0.0.0 \u0434\u043e 1.16.4 (tar-fs), \u043e\u0442 2.0.0 \u0434\u043e 2.1.2 (tar-fs), \u043e\u0442 3.0.0 \u0434\u043e 3.0.8 (tar-fs)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-12905\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2024-12905",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.03.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.11.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.11.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-14106",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-12905",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, OpenShift Serverless, Logging subsystem for Red Hat OpenShift, Red Hat Developer Hub, tar-fs",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0430\u0440\u0445\u0438\u0432\u0430\u043c\u0438 tar tar-fs, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0438\u043c\u0432\u043e\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0441\u044b\u043b\u043e\u043a \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0441\u0441\u044b\u043b\u043a\u0438 \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443 (CWE-59)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u0430\u0440\u0445\u0438\u0432\u0430\u043c\u0438 tar tar-fs \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0438\u043c\u0432\u043e\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0441\u044b\u043b\u043e\u043a \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed\nhttps://security-tracker.debian.org/tracker/CVE-2024-12905\nhttps://access.redhat.com/security/cve/cve-2024-12905",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-59",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2025-AVI-0512
Vulnerability from certfr_avis - Published: 2025-06-13 - Updated: 2025-06-13
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 |
| IBM | Db2 | Db2 versions antérieures à 5.2.0 pour Cloud Pak for Data |
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 |
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 IF4 |
| IBM | Db2 Warehouse | Db2 warehouse versions antérieures à 5.2.0 pour Cloud Pak for Data |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2024-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2025-0923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-31880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-37529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-25642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2023-29267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
},
{
"name": "CVE-2024-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-35152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2023-39663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
},
{
"name": "CVE-2024-35136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
}
],
"initial_release_date": "2025-06-13T00:00:00",
"last_revision_date": "2025-06-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0512",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
"url": "https://www.ibm.com/support/pages/node/7236500"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
"url": "https://www.ibm.com/support/pages/node/7234674"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
"url": "https://www.ibm.com/support/pages/node/7236354"
}
]
}
CERTFR-2025-AVI-1072
Vulnerability from certfr_avis - Published: 2025-12-05 - Updated: 2025-12-05
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x antérieures à 6.2.3.5 |
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.1.0 |
| IBM | Cognos Controller | Cognos Controller versions 11.x antérieures à 11.0.1 FP7 |
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x antérieures à 6.2.4.2 |
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x antérieures à 6.2.4.2 |
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 |
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x antérieures à 6.2.3.5 |
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.1.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.x ant\u00e9rieures \u00e0 11.0.1 FP7",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1 ",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling File Gateway versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1 ",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2023-39017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2025-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48795"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-57350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57350"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
}
],
"initial_release_date": "2025-12-05T00:00:00",
"last_revision_date": "2025-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253432",
"url": "https://www.ibm.com/support/pages/node/7253432"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253254",
"url": "https://www.ibm.com/support/pages/node/7253254"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253227",
"url": "https://www.ibm.com/support/pages/node/7253227"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253232",
"url": "https://www.ibm.com/support/pages/node/7253232"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253281",
"url": "https://www.ibm.com/support/pages/node/7253281"
}
]
}
CERTFR-2025-AVI-1100
Vulnerability from certfr_avis - Published: 2025-12-12 - Updated: 2025-12-12
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Atlassian | Jira | Jira Software Data Center et Server versions 9.12.x antérieures à 9.12.30 |
| Atlassian | Jira | Jira Software Data Center et Server versions 10.3.x antérieures à 10.3.15 |
| Atlassian | Confluence | Confluence Data Center et Server versions 9.5.x antérieures à 9.5.2 |
| Atlassian | Jira | Jira Service Management Data Center et Server versions 11.x antérieures à 11.2.1 |
| Atlassian | Confluence | Confluence Data Center et Server versions 10.0.x antérieures à 10.0.2 |
| Atlassian | Confluence | Confluence Data Center et Server versions 8.5.x antérieures à 8.5.30 |
| Atlassian | Confluence | Confluence Data Center et Server versions 10.1.x antérieures à 10.1.0 |
| Atlassian | Confluence | Confluence Data Center et Server versions 9.2.x antérieures à 9.2.12 |
| Atlassian | Confluence | Confluence Data Center et Server versions 9.3.x antérieures à 9.3.1 |
| Atlassian | Confluence | Confluence Data Center et Server versions 9.4.x antérieures à 9.4.0 |
| Atlassian | Jira | Jira Service Management Data Center et Server versions 10.3.x antérieures à 10.3.15 |
| Atlassian | Jira | Jira Software Data Center et Server versions 11.x antérieures à 11.2.1 |
| Atlassian | Confluence | Confluence Data Center et Server versions 10.2.x antérieures à 10.2.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.30",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.30",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center et Server versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-39227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39227"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2016-1181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1181"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2023-49735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2016-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1182"
}
],
"initial_release_date": "2025-12-12T00:00:00",
"last_revision_date": "2025-12-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1100",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16469",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16469"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26599",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26599"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101574",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101574"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26636",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26636"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26600",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26600"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16461",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16461"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16478",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16478"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26614",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26614"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16458",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16458"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26630",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26630"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26627",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26627"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26634",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26634"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16466",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16466"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101788",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101788"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101478",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101478"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101573",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101573"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16477",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16477"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26635",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26635"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16470",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16470"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26629",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26629"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16479",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16479"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26625",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26625"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26626",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26626"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101575",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101575"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16462",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16462"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101489",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101489"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26619",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26619"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16456",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16456"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26615",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26615"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26628",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26628"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16480",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16480"
},
{
"published_at": "2025-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26620",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26620"
}
]
}
CERTFR-2025-AVI-1129
Vulnerability from certfr_avis - Published: 2025-12-19 - Updated: 2025-12-19
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| VMware | Tanzu Platform | Extended App Support pour Tanzu Platform versions antérieures à 1.0.11 |
| VMware | Tanzu Platform | Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.1 |
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.3.2 |
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 10.2.6+LTS-T |
| VMware | Tanzu Kubernetes Runtime | .NET Core Buildpack versions antérieures à 2.4.72 |
| VMware | Tanzu Platform | Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.23+LTS-T |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.11",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Native Buildpacks pour Tanzu Platform versions ant\u00e9rieures \u00e0 0.6.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.2",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.6+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.72",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.23+LTS-T",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-59830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59830"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-25126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3573"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-61919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61919"
},
{
"name": "CVE-2025-61771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61771"
},
{
"name": "CVE-2025-61770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61770"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-27111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27111"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-3044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3044"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2020-7792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7792"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-43857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2024-26141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-25184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25184"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-61772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61772"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-12194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12194"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2025-61780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61780"
},
{
"name": "CVE-2025-57352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57352"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
}
],
"initial_release_date": "2025-12-19T00:00:00",
"last_revision_date": "2025-12-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1129",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36626"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36633",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36633"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36630",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36630"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36631",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36631"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36629"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36632",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36632"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2025-25",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36627"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2024-26",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36628"
},
{
"published_at": "2025-12-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36625",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36625"
}
]
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 |
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 |
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité |
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 |
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 |
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 |
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
FKIE_CVE-2024-12905
Vulnerability from fkie_nvd - Published: 2025-03-27 17:15 - Updated: 2026-04-15 00:35

| URL | Tags | ||
|---|---|---|---|
| 22e2d327-25fe-45d7-9f0c-dcd23b7108df | https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed | ||
| 22e2d327-25fe-45d7-9f0c-dcd23b7108df | https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html |
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8."
},
{
"lang": "es",
"value": "Resoluci\u00f3n incorrecta de enlaces antes del acceso a archivos (\"Link Following\") y limitaci\u00f3n incorrecta de una ruta a un directorio restringido (\"Path Traversal\"). Esta vulnerabilidad se produce al extraer un archivo tar manipulado con fines maliciosos, lo que puede provocar escrituras o sobrescrituras no autorizadas de archivos fuera del directorio de extracci\u00f3n previsto. El problema est\u00e1 asociado con index.js en el paquete tar-fs. Este problema afecta a tar-fs: desde la versi\u00f3n 0.0.0 hasta la 1.16.4, desde la versi\u00f3n 2.0.0 hasta la 2.1.2, desde la versi\u00f3n 3.0.0 hasta la 3.0.8."
}
],
"id": "CVE-2024-12905",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"type": "Secondary"
}
]
},
"published": "2025-03-27T17:15:53.250",
"references": [
{
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
},
{
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"url": "https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html"
}
],
"sourceIdentifier": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"type": "Secondary"
}
]
}
GHSA-PQ67-2WWV-3XJX
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-11-03 22:54

An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.
This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.7.
PoC
// Advisory sample for CVE-2024-12905 (tar-fs), quoted as published in the GHSA entry.
// NOTE(review): `tarfs` is never defined in this excerpt; presumably it is
// `require('tar-fs')` — confirm before running.
// NOTE(review): the extraction root here is '/' and the entry name is '/flag.txt',
// so the write appears to land inside the chosen root; on its own this sample does
// not look like a check for the link-following escape the advisory describes.
// A regression test for the fix should extract into a throwaway directory and
// assert that nothing is created outside it.
// Fixed releases listed on this page: 1.16.4, 2.1.2, and 3.0.7 (this GHSA entry)
// or 3.0.8 (CVE and NVD entries); when pinning 3.x, use the higher bound.

// Create a writable stream that extracts tar content, rooted at '/'
const extractStream = tarfs.extract('/', {
// `ignore` returns false for every entry, so no entry is skipped during extraction
ignore: (name) => false,
});
// Create a tar stream; any stream error is rethrown rather than swallowed
const tarStream = tarfs.pack().on('error', (err) => {
throw err;
});
// Append a single entry with an absolute name, mode 0o644 and a short text body
tarStream.entry({ name: '/flag.txt', mode: 0o644 }, Buffer.from('This is a flag!'));
// Finalize the tar stream (no further entries can be added)
tarStream.finalize();
// Pipe the tar stream into the extract stream, which performs the file write
tarStream.pipe(extractStream);
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-12905"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-28T22:11:42Z",
"nvd_published_at": "2025-03-27T17:15:53Z",
"severity": "HIGH"
},
"details": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.7.\n\n### PoC\n```javascript\n// Create a writable stream to extract the tar content\nconst extractStream = tarfs.extract(\u0027/\u0027, {\n // We can ignore the file type checks to allow the extraction of the malicious file\n ignore: (name) =\u003e false,\n});\n\n// Create a tar stream\nconst tarStream = tarfs.pack().on(\u0027error\u0027, (err) =\u003e {\n throw err;\n});\n\n// Append the malicious entry to the tar stream\ntarStream.entry({ name: \u0027/flag.txt\u0027, mode: 0o644 }, Buffer.from(\u0027This is a flag!\u0027));\n\n// Finalize the tar stream\ntarStream.finalize();\n\n// Pipe the tar stream into the extract stream\ntarStream.pipe(extractStream);\n```",
"id": "GHSA-pq67-2wwv-3xjx",
"modified": "2025-11-03T22:54:57Z",
"published": "2025-03-27T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
},
{
"type": "WEB",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
},
{
"type": "WEB",
"url": "https://arxiv.org/abs/2506.04962"
},
{
"type": "WEB",
"url": "https://arxiv.org/pdf/2506.04962"
},
{
"type": "PACKAGE",
"url": "https://github.com/mafintosh/tar-fs"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html"
},
{
"type": "WEB",
"url": "https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File"
}
MSRC_CVE-2024-12905
Vulnerability from csaf_microsoft - Published: 2025-03-02 00:00 - Updated: 2026-02-18 01:49

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19820-17086 | — |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-1 | — |
Vendor Fix
fix
|
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12905 An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2024-12905.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.",
"tracking": {
"current_release_date": "2026-02-18T01:49:59.000Z",
"generator": {
"date": "2026-02-18T15:05:13.322Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-12905",
"initial_release_date": "2025-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-04-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T01:49:59.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 reaper 3.1.1-18",
"product": {
"name": "\u003ccbl2 reaper 3.1.1-18",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 reaper 3.1.1-18",
"product": {
"name": "cbl2 reaper 3.1.1-18",
"product_id": "19820"
}
}
],
"category": "product_name",
"name": "reaper"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 reaper 3.1.1-18 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 reaper 3.1.1-18 as a component of CBL Mariner 2.0",
"product_id": "19820-17086"
},
"product_reference": "19820",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12905",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0026#39;Link Following\u0026#39;)"
},
"notes": [
{
"category": "general",
"text": "seal",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19820-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12905 An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2024-12905.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-11T00:00:00.000Z",
"details": "3.1.1-18:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8."
}
]
}
RHSA-2025:3932
Vulnerability from csaf_redhat - Published: 2025-04-16 02:48 - Updated: 2026-06-04 17:44

A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64 | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le | — | ||
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64 | — |
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64 | — |
Workaround
|
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur when the other party is slow to respond during key exchange.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64 | — |
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:3932 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2348366 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2348367 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2355460 | external |
| https://issues.redhat.com/browse/CRW-8327 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-12905 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2355460 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-12905 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-12905 | external |
| https://github.com/mafintosh/tar-fs/commit/a1dd7e… | external |
| https://access.redhat.com/security/cve/CVE-2025-22868 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2348366 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-22868 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-22868 | external |
| https://go.dev/cl/652155 | external |
| https://go.dev/issue/71490 | external |
| https://pkg.go.dev/vuln/GO-2025-3488 | external |
| https://access.redhat.com/security/cve/CVE-2025-22869 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2348367 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-22869 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-22869 | external |
| https://go.dev/cl/652135 | external |
| https://go.dev/issue/71931 | external |
| https://pkg.go.dev/vuln/GO-2025-3487 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.20 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.20 release is based on Eclipse Che 7.100 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#devspaces\n\nSecurity Fix(es):\n\nDevSpaces-Operator\n- golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws (CVE-2025-22868)\n- golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)\n\nDevSpaces-Pluginregistry\n- tar-fs: link following and path traversal via maliciously crafted tar file (CVE-2024-12905)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3932",
"url": "https://access.redhat.com/errata/RHSA-2025:3932"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "CRW-8327",
"url": "https://issues.redhat.com/browse/CRW-8327"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3932.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.20.0 release",
"tracking": {
"current_release_date": "2026-06-04T17:44:56+00:00",
"generator": {
"date": "2026-06-04T17:44:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:3932",
"initial_release_date": "2025-04-16T02:48:23+00:00",
"revision_history": [
{
"date": "2025-04-16T02:48:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-16T02:48:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:44:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"product": {
"name": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"product_id": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"product": {
"name": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"product_id": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"product_id": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"product_id": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=3.20-1"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"product_id": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=3.20-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.20-21"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"product_id": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.20-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.20-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"product": {
"name": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"product_id": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.20-13"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"product": {
"name": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"product_id": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=3.20-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"product_id": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=3.20-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"product": {
"name": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"product_id": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.20-8"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"product": {
"name": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"product_id": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"product": {
"name": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"product_id": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"product_id": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"product_id": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=3.20-1"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"product_id": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=3.20-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.20-21"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"product_id": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.20-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.20-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"product": {
"name": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"product_id": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.20-13"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"product": {
"name": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"product_id": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=3.20-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"product_id": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=3.20-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"product": {
"name": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"product_id": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.20-8"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"product": {
"name": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"product_id": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"product": {
"name": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"product_id": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"product_id": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"product": {
"name": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"product_id": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview/idea-rhel9\u0026tag=3.20-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"product_id": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=3.20-1"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"product_id": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=3.20-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.20-21"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"product_id": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.20-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.20-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"product": {
"name": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"product_id": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.20-13"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"product": {
"name": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"product_id": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=3.20-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"product_id": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=3.20-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64",
"product": {
"name": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64",
"product_id": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.20-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64"
},
"product_reference": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64"
},
"product_reference": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x"
},
"product_reference": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le"
},
"product_reference": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64"
},
"product_reference": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le"
},
"product_reference": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x"
},
"product_reference": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x"
},
"product_reference": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le"
},
"product_reference": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64"
},
"product_reference": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x"
},
"product_reference": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le"
},
"product_reference": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64"
},
"product_reference": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x"
},
"product_reference": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le"
},
"product_reference": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
},
"product_reference": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12905",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-03-27T17:02:14.911888+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: link following and path traversal via maliciously crafted tar file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an important severity because it allows attackers to extract a malicious tar file that can write or overwrite files outside the intended directory. This occurs due to improper handling of link resolution and pathname limitations. The risk is high for systems that automatically extract tar files, as it can lead to data corruption or unauthorized file modifications without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64"
],
"known_not_affected": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "RHBZ#2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
}
],
"release_date": "2025-03-27T16:25:34.410000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-16T02:48:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: link following and path traversal via maliciously crafted tar file"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
],
"known_not_affected": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-16T02:48:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3932"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
],
"known_not_affected": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-16T02:48:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3932"
},
{
"category": "workaround",
"details": "On the client side, this flaw can be mitigated by connecting only to trusted servers.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user who reported the sighting.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.