Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-69873 (GCVE-0-2025-69873)
Vulnerability from cvelistv5 – Published: 2026-02-11 00:00 – Updated: 2026-06-30 03:15
VLAI
EPSS
Summary
ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
31 references
Impacted products
65 products
| Vendor | Product | Version | |
|---|---|---|---|
| ajv.js | ajv |
Affected:
0 , < 6.14.0
(semver)
Affected: 7.0.0 , < 8.17.2 (semver) |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server |
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9 |
|
| Red Hat | Network Observability (NETOBSERV) 1.11.2 |
cpe:/a:redhat:network_observ_optr:1.11::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Developer Hub 1.8 |
cpe:/a:redhat:rhdh:1.8::el9 |
|
| Red Hat | Red Hat Developer Hub 1.9 |
cpe:/a:redhat:rhdh:1.9::el9 |
|
| Red Hat | Red Hat OpenShift AI 2.16 |
cpe:/a:redhat:openshift_ai:2.16::el8 |
|
| Red Hat | Red Hat OpenShift AI 3.3 |
cpe:/a:redhat:openshift_ai:3.3::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.27 |
cpe:/a:redhat:openshift_devspaces:3.27::el9 |
|
| Red Hat | Red Hat Quay 3.14 |
cpe:/a:redhat:quay:3.14::el8 |
|
| Red Hat | Red Hat Quay 3.15 |
cpe:/a:redhat:quay:3.15::el8 |
|
| Red Hat | Red Hat Quay 3.16 |
cpe:/a:redhat:quay:3.16::el9 |
|
| Red Hat | Red Hat Quay 3.9 |
cpe:/a:redhat:quay:3.9::el8 |
|
| Red Hat | Red Hat Satellite 6.18 |
cpe:/a:redhat:satellite:6.18::el9 |
|
| Red Hat | Confidential Compute Attestation |
cpe:/a:redhat:confidential_compute_attestation:1 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift |
cpe:/a:redhat:logging:5 |
|
| Red Hat | Node HealthCheck Operator |
cpe:/a:redhat:workload_availability_nhc:0 |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat build of Apicurio Registry 2 |
cpe:/a:redhat:service_registry:2 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat Data Grid 8 |
cpe:/a:redhat:jboss_data_grid:8 |
|
| Red Hat | Red Hat Edge Manager 1 |
cpe:/a:redhat:edge_manager:1 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat Fuse 7 |
cpe:/a:redhat:jboss_fuse:7 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
|
| Red Hat | Red Hat OpenShift Dev Spaces |
cpe:/a:redhat:openshift_devspaces:3 |
|
| Red Hat | Red Hat OpenShift GitOps |
cpe:/a:redhat:openshift_gitops:1 |
|
| Red Hat | Red Hat Single Sign-On 7 |
cpe:/a:redhat:red_hat_single_sign_on:7 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 10 |
cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10 |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Network Observability Operator |
cpe:/a:redhat:network_observ_optr:1 |
|
| Red Hat | OpenShift Service Mesh 2 |
cpe:/a:redhat:service_mesh:2 |
|
| Red Hat | OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
|
| Red Hat | Red Hat Advanced Cluster Security 4 |
cpe:/a:redhat:advanced_cluster_security:4 |
|
| Red Hat | Red Hat AMQ Broker 7 |
cpe:/a:redhat:amq_broker:7 |
|
| Red Hat | Red Hat build of Apache Camel - HawtIO 4 |
cpe:/a:redhat:apache_camel_hawtio:4 |
|
| Red Hat | Red Hat build of OptaPlanner 8 |
cpe:/a:redhat:optaplanner:::el6 |
|
| Red Hat | Red Hat Directory Server 11 |
cpe:/a:redhat:directory_server:11 |
|
| Red Hat | Red Hat Directory Server 12 |
cpe:/a:redhat:directory_server:12 |
|
| Red Hat | Red Hat Directory Server 13 |
cpe:/a:redhat:directory_server:13 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Process Automation 7 |
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | streams for Apache Kafka 2 |
cpe:/a:redhat:amq_streams:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-69873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T15:13:03.482882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T17:25:31.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "affected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "unaffected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "unaffected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:15:35.561Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"name": "RHBZ#2439070",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69873.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13512"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6309"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5910"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5907"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10093"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7314"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6497"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6567"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26211"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
},
{
"lang": "en",
"value": "RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:6277: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:6309: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:6802: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:5807: Red Hat OpenShift AI 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:5910: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:5907: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:10093: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:7314: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:6568: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:6497: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:6567: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:5168: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:26214: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:26211: Red Hat Satellite 6.18"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-11T19:01:32.953Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-11T00:00:00.000Z",
"value": "Made public."
}
],
"title": "ajv: ReDoS via $data reference",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ajv",
"vendor": "ajv.js",
"versions": [
{
"lessThan": "6.14.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "8.17.2",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.17.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T20:22:25.698Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6"
},
{
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
},
{
"url": "https://github.com/github/advisory-database/pull/6991"
},
{
"url": "https://github.com/ajv-validator/ajv/pull/2588"
},
{
"url": "https://github.com/ajv-validator/ajv/releases/tag/v6.14.0"
},
{
"url": "https://github.com/ajv-validator/ajv/pull/2590"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-69873",
"datePublished": "2026-02-11T00:00:00.000Z",
"dateReserved": "2026-01-09T00:00:00.000Z",
"dateUpdated": "2026-06-30T03:15:35.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-69873",
"date": "2026-06-29",
"epss": "0.00407",
"percentile": "0.32511"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-69873\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2026-02-11T19:15:50.467\",\"lastModified\":\"2026-06-30T05:17:30.927\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \\\"^(a|a)*$\\\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.\"},{\"lang\":\"es\",\"value\":\"ajv (Another JSON Schema Validator) hasta la versi\u00f3n 8.17.1 es vulnerable a la denegaci\u00f3n de servicio por expresiones regulares (ReDoS) cuando la opci\u00f3n $data est\u00e1 habilitada. La palabra clave \u0027pattern\u0027 acepta datos en tiempo de ejecuci\u00f3n a trav\u00e9s de la sintaxis JSON Pointer (referencia $data), que se pasa directamente al constructor JavaScript RegExp() sin validaci\u00f3n. Un atacante puede inyectar un patr\u00f3n de expresi\u00f3n regular malicioso (por ejemplo, \u0027^(a|a)*$\u0027) combinado con una entrada manipulada para causar un retroceso catastr\u00f3fico. Una carga \u00fatil de 31 caracteres causa aproximadamente 44 segundos de bloqueo de CPU, y cada car\u00e1cter adicional duplica el tiempo de ejecuci\u00f3n. Esto permite una denegaci\u00f3n de servicio completa con una \u00fanica solicitud HTTP contra cualquier API que utilice ajv con $data: true para la validaci\u00f3n din\u00e1mica de esquemas.\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"ajv.js\",\"product\":\"ajv\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"6.14.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThan\":\"8.17.2\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability (NETOBSERV) 1.11.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.8::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 2.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:2.16::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.27\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.27::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.14::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.15::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat 3scale API Management Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_3scale_amp:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apicurio Registry 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_registry:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Data Grid 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_data_grid:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Fuse 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_fuse:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Single Sign-On 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_single_sign_on:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 10\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ Broker 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:amq_broker:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel - HawtIO 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of OptaPlanner 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:optaplanner:::el6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Directory Server 11\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:directory_server:11\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Directory Server 12\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:directory_server:12\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Directory Server 13\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:directory_server:13\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform Expansion Pack\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jbosseapxp\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Process Automation 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_bpms_platform:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:2\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.4,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-02-12T15:13:03.482882Z\",\"id\":\"CVE-2025-69873\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"references\":[{\"url\":\"https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/advisories/GHSA-2g4f-4pwh-qvx6\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/ajv-validator/ajv/pull/2588\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/ajv-validator/ajv/pull/2590\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/ajv-validator/ajv/releases/tag/v6.14.0\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/github/advisory-database/pull/6991\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10093\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13512\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14774\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15091\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16874\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19712\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26211\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26214\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33371\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5168\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5807\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5907\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5910\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6192\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6277\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6309\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6497\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6567\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6802\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7314\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9742\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-69873\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2439070\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69873.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"ajv: ReDoS via $data reference\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:network_observ_optr:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Network Observability (NETOBSERV) 1.11.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.8::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai:2.16::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI 2.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.27::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces 3.27\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.15::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:5\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_nhc:0\"], \"vendor\": \"Red Hat\", \"product\": \"Node HealthCheck Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_3scale_amp:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat 3scale API Management Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_registry:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apicurio Registry 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:connectivity_link:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Connectivity Link 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_data_grid:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Data Grid 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Edge Manager 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Fuse 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_single_sign_on:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Single Sign-On 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 10\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:gatekeeper:3\"], \"vendor\": \"Red Hat\", \"product\": \"Gatekeeper 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:network_observ_optr:1\"], \"vendor\": \"Red Hat\", \"product\": \"Network Observability Operator\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:apache_camel_hawtio:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apache Camel - HawtIO 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:optaplanner:::el6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of OptaPlanner 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server:11\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 11\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server:12\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 12\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server:13\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 13\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jbosseapxp\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform Expansion Pack\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_bpms_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Process Automation 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:2\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 2\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-02-11T19:01:32.953Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-02-11T00:00:00.000Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6277: Red Hat Ansible Automation Platform 2.6 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6309: Red Hat Ansible Automation Platform 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9742: Red Hat Developer Hub 1.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6802: Red Hat Developer Hub 1.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5807: Red Hat OpenShift AI 2.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19712: Red Hat OpenShift AI 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5910: Red Hat OpenShift Container Platform 4.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5907: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10093: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7314: Red Hat Quay 3.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6568: Red Hat Quay 3.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6497: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6567: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5168: Red Hat Quay 3.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26214: Red Hat Satellite 6.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26211: Red Hat Satellite 6.18\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-02-11T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-69873\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2439070\", \"name\": \"RHBZ#2439070\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69873.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13512\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6277\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16874\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6309\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9742\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6802\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5807\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19712\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:15091\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14774\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5910\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5907\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10093\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6192\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7314\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6568\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6497\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6567\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5168\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26214\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26211\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T02:43:26.019Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-69873\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-12T15:13:03.482882Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-12T15:14:20.520Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 2.9, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\"}}], \"affected\": [{\"vendor\": \"ajv.js\", \"product\": \"ajv\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.14.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"8.17.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/advisories/GHSA-2g4f-4pwh-qvx6\"}, {\"url\": \"https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md\"}, {\"url\": \"https://github.com/github/advisory-database/pull/6991\"}, {\"url\": \"https://github.com/ajv-validator/ajv/pull/2588\"}, {\"url\": \"https://github.com/ajv-validator/ajv/releases/tag/v6.14.0\"}, {\"url\": \"https://github.com/ajv-validator/ajv/pull/2590\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \\\"^(a|a)*$\\\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333 Inefficient Regular Expression Complexity\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14.0\"}, {\"criteria\": \"cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"8.17.2\", \"versionStartIncluding\": \"7.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2026-03-02T20:22:25.698Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-69873\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T02:43:26.019Z\", \"dateReserved\": \"2026-01-09T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2026-02-11T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:7314
Vulnerability from csaf_redhat - Published: 2026-04-09 13:39 - Updated: 2026-06-30 04:29Summary
Red Hat Security Advisory: Red Hat Quay 3.14.7
Severity
Important
Notes
Topic: Red Hat Quay 3.14.7 is now available with bug fixes.
Details: Quay 3.14.7
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
9.1 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x | — |
Vendor Fix
fix
|
Known not affected
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64 | — |
Threats
Impact
Low
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.14.7 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.14.7",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7314",
"url": "https://access.redhat.com/errata/RHSA-2026:7314"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7314.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.14.7",
"tracking": {
"current_release_date": "2026-06-30T04:29:16+00:00",
"generator": {
"date": "2026-06-30T04:29:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:7314",
"initial_release_date": "2026-04-09T13:39:27+00:00",
"revision_history": [
{
"date": "2026-04-09T13:39:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-09T13:39:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:29:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.14",
"product": {
"name": "Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775242297"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224837"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775254008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224758"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775236401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aa58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Afad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775516330"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775256111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775512163"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ab56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224837"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224758"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ae5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775236401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ab5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775256111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775512163"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Adbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224837"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224758"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775236401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775256111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775512163"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224837"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224758"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ab3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775236401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775256111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Acfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775512163"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:39:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7314"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:39:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
}
]
}
RHSA-2026:9742
Vulnerability from csaf_redhat - Published: 2026-04-22 14:56 - Updated: 2026-06-30 07:30Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.8.6 release.
Severity
Critical
Notes
Topic: Red Hat Developer Hub 1.8.6 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive information via its stack trace.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., "Content-Length" and "content-length"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of Service (DoS) due to excessive resource consumption.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Underscore.js, a JavaScript utility library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) attack by providing specially crafted recursive data structures. When these structures are processed by the _.flatten or _.isEqual functions, which lack a depth limit for recursion, a stack overflow occurs. This can make the application unavailable to legitimate users.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Threats
Impact
Important
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Backstage. The backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an mkdocs.yml file that causes arbitrary Python code execution.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A denial of service flaw has been discovered in the flatted npm library. flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by supplying specially crafted XML input containing numeric character references or standard XML entities. This input can bypass configured entity expansion limits, leading to excessive memory allocation and high CPU usage. The primary consequence is a Denial of Service (DoS), which can crash the affected process.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in flatted, a JavaScript Object Notation (JSON) parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse() function in flatted fails to properly validate string values used as array index keys, allowing an attacker to manipulate internal JavaScript object prototypes. This prototype pollution can enable an attacker to execute arbitrary code or cause a denial of service, impacting the availability and integrity of affected systems.
9.8 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Threats
Impact
Critical
A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service (DoS). When the BigInteger.modInverse() function is called with a zero value, it enters an infinite loop, causing the process to hang indefinitely and consume 100% of the CPU resources.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Forge (also called `node-forge`), a JavaScript library used for Transport Layer Security (TLS). The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could exploit this signature malleability to bypass authentication and authorization logic. This vulnerability can also circumvent security checks in applications that rely on the uniqueness of cryptographic signatures for functions such as deduplication or preventing replay attacks.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Forge (also known as node-forge), a JavaScript implementation of Transport Layer Security (TLS). The `pki.verifyCertificateChain()` function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extensions to enable any leaf certificate to function as a Certificate Authority (CA) and sign other certificates. Consequently, node-forge could accept these unauthorized certificates as valid, potentially leading to spoofing or the issuance of illegitimate certificates.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed (CRLF) sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple commands. Such command injection can lead to the execution of arbitrary commands, potentially compromising the integrity and availability of data or the system.
8.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific "Gadget" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote code execution or a full cloud compromise, such as bypassing AWS IMDSv2.
9.0 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 | — |
Threats
Impact
Important
References
228 references
Acknowledgments
Thibault Guittet
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.8.6 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9742",
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69534",
"url": "https://access.redhat.com/security/cve/CVE-2025-69534"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1525",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1526",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1528",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2229",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27601",
"url": "https://access.redhat.com/security/cve/CVE-2026-27601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29186",
"url": "https://access.redhat.com/security/cve/CVE-2026-29186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3118",
"url": "https://access.redhat.com/security/cve/CVE-2026-3118"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32141",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33036",
"url": "https://access.redhat.com/security/cve/CVE-2026-33036"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33228",
"url": "https://access.redhat.com/security/cve/CVE-2026-33228"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33891",
"url": "https://access.redhat.com/security/cve/CVE-2026-33891"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33895",
"url": "https://access.redhat.com/security/cve/CVE-2026-33895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33896",
"url": "https://access.redhat.com/security/cve/CVE-2026-33896"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39983",
"url": "https://access.redhat.com/security/cve/CVE-2026-39983"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40175",
"url": "https://access.redhat.com/security/cve/CVE-2026-40175"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4800",
"url": "https://access.redhat.com/security/cve/CVE-2026-4800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4926",
"url": "https://access.redhat.com/security/cve/CVE-2026-4926"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2288",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2288"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2947",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2947"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2972",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2972"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12327",
"url": "https://issues.redhat.com/browse/RHIDP-12327"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12388",
"url": "https://issues.redhat.com/browse/RHIDP-12388"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12419",
"url": "https://issues.redhat.com/browse/RHIDP-12419"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12511",
"url": "https://issues.redhat.com/browse/RHIDP-12511"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12568",
"url": "https://issues.redhat.com/browse/RHIDP-12568"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12647",
"url": "https://issues.redhat.com/browse/RHIDP-12647"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12650",
"url": "https://issues.redhat.com/browse/RHIDP-12650"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12655",
"url": "https://issues.redhat.com/browse/RHIDP-12655"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12666",
"url": "https://issues.redhat.com/browse/RHIDP-12666"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12686",
"url": "https://issues.redhat.com/browse/RHIDP-12686"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12784",
"url": "https://issues.redhat.com/browse/RHIDP-12784"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12880",
"url": "https://issues.redhat.com/browse/RHIDP-12880"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12887",
"url": "https://issues.redhat.com/browse/RHIDP-12887"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12921",
"url": "https://issues.redhat.com/browse/RHIDP-12921"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12930",
"url": "https://issues.redhat.com/browse/RHIDP-12930"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12996",
"url": "https://issues.redhat.com/browse/RHIDP-12996"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13105",
"url": "https://issues.redhat.com/browse/RHIDP-13105"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13107",
"url": "https://issues.redhat.com/browse/RHIDP-13107"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13130",
"url": "https://issues.redhat.com/browse/RHIDP-13130"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13180",
"url": "https://issues.redhat.com/browse/RHIDP-13180"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13182",
"url": "https://issues.redhat.com/browse/RHIDP-13182"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13185",
"url": "https://issues.redhat.com/browse/RHIDP-13185"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9742.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.8.6 release.",
"tracking": {
"current_release_date": "2026-06-30T07:30:02+00:00",
"generator": {
"date": "2026-06-30T07:30:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:9742",
"initial_release_date": "2026-04-22T14:56:38+00:00",
"revision_history": [
{
"date": "2026-04-22T14:56:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-22T14:56:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T07:30:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.8",
"product": {
"name": "Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Abb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1776784286"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Af09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1776783947"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ab40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1776787729"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"cve": "CVE-2025-69534",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-05T16:01:10.432461+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444839"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive information via its stack trace.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-markdown: denial of service via malformed HTML-like sequences",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a specially crafted payload to be processed by an application using Python-Markdown. Additionally, the security impact of this vulnerability is limited to an information disclosure via the unhandled exception stack trace and a denial of service. There is no memory corruption or arbitrary command execution. Due to these reasons, this issue has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69534"
},
{
"category": "external",
"summary": "RHBZ#2444839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444839"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69534"
},
{
"category": "external",
"summary": "https://github.com/Python-Markdown/markdown",
"url": "https://github.com/Python-Markdown/markdown"
},
{
"category": "external",
"summary": "https://github.com/Python-Markdown/markdown/actions/runs/15736122892",
"url": "https://github.com/Python-Markdown/markdown/actions/runs/15736122892"
},
{
"category": "external",
"summary": "https://github.com/Python-Markdown/markdown/issues/1534",
"url": "https://github.com/Python-Markdown/markdown/issues/1534"
}
],
"release_date": "2026-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, wrap your markdown parsing function in a try/except block. This catches the unhandled exception, preventing both the application crash and the stack trace leak.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-markdown: denial of service via malformed HTML-like sequences"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1525",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-12T21:01:33.639277+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447144"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing (e.g., \"Content-Length\" and \"content-length\"). This can lead to HTTP Request Smuggling, a technique where an attacker sends an ambiguous request that is interpreted differently by a proxy and a backend server. Successful exploitation could result in unauthorized access, cache poisoning, or credential hijacking. It may also cause a Denial of Service (DoS) if strict HTTP parsers reject the malformed requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. A flaw in the undici Node.js HTTP/1.1 client allows for HTTP Request Smuggling or Denial of Service. This can occur in Red Hat products that use undici and process HTTP requests where user-controlled header names are not case-normalized, or headers are passed as flat arrays.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1525"
},
{
"category": "external",
"summary": "RHBZ#2447144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447144"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/444.html",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3556037",
"url": "https://hackerone.com/reports/3556037"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"release_date": "2026-03-12T19:56:55.092000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"acknowledgments": [
{
"names": [
"Thibault Guittet"
]
}
],
"cve": "CVE-2026-3118",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-02-24T12:08:42.955000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442273"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rhdh: GraphQL Injection Leading to Platform-Wide Denial of Service (DoS) in RH Developer Hub Orchestrator Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact vulnerability in the Orchestrator Plugin of Red Hat Developer Hub (Backstage) allows an authenticated attacker to cause a platform-wide Denial of Service. By injecting specially crafted input into GraphQL API requests, an attacker can disrupt backend query processing, leading to the application crashing and restarting. This issue temporarily prevents legitimate users from accessing the platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3118"
},
{
"category": "external",
"summary": "RHBZ#2442273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3118",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3118"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3118",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3118"
}
],
"release_date": "2026-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "To mitigate this issue, restrict network access to the Red Hat Developer Hub instance to trusted users and networks only. This limits the exposure of the vulnerable Orchestrator Plugin to unauthorized access.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rhdh: GraphQL Injection Leading to Platform-Wide Denial of Service (DoS) in RH Developer Hub Orchestrator Plugin"
},
{
"cve": "CVE-2026-4800",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-03-31T20:01:21.918257+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453496"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: lodash: Arbitrary code execution via untrusted input in template imports",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the context of Red Hat Enterprise Linux, the grafana and grafana-pcp packages execute the affected JavaScript entirely client-side within the user\u0027s browser. Consequently, the attack surface is strictly restricted to the local browser environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4800"
},
{
"category": "external",
"summary": "RHBZ#2453496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453496"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
"url": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"
}
],
"release_date": "2026-03-31T19:25:55.987000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"
},
{
"cve": "CVE-2026-4926",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-03-26T20:03:28.427630+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of Service (DoS) due to excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in `path-to-regexp` that can lead to a Denial of Service. The vulnerability occurs when specially crafted input containing multiple sequential optional groups is used to generate regular expressions, causing exponential resource consumption.\n\nThe Red Hat Advanced Cluster Security is not affected by this issue since it\u0027s shipping a `path-to-regexp` version which doesn\u0027t contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4926"
},
{
"category": "external",
"summary": "RHBZ#2451867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"release_date": "2026-03-26T18:59:38+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, limit the use of multiple sequential optional groups in route patterns within applications that use `path-to-regexp`. Additionally, avoid directly passing user-controlled input as route patterns to prevent the generation of maliciously crafted regular expressions.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27601",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-03-03T23:01:58.011378+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Underscore.js, a JavaScript utility library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) attack by providing specially crafted recursive data structures. When these structures are processed by the _.flatten or _.isEqual functions, which lack a depth limit for recursion, a stack overflow occurs. This can make the application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27601"
},
{
"category": "external",
"summary": "RHBZ#2444247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27601"
},
{
"category": "external",
"summary": "https://github.com/jashkenas/underscore/commit/411e222eb0ca5d570cc4f6315c02c05b830ed2b4",
"url": "https://github.com/jashkenas/underscore/commit/411e222eb0ca5d570cc4f6315c02c05b830ed2b4"
},
{
"category": "external",
"summary": "https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84",
"url": "https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84"
},
{
"category": "external",
"summary": "https://github.com/jashkenas/underscore/security/advisories/GHSA-qpx9-hpmf-5gmw",
"url": "https://github.com/jashkenas/underscore/security/advisories/GHSA-qpx9-hpmf-5gmw"
}
],
"release_date": "2026-03-03T22:38:38.955000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing Underscore.js should ensure that any processing of untrusted, recursively structured data with `_.flatten` or `_.isEqual` explicitly enforces a finite depth limit. Review application code to identify and modify calls to these functions, adding appropriate depth parameters to prevent stack overflow conditions. Additionally, input validation should be implemented to sanitize untrusted data before it is processed by Underscore.js functions.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-29186",
"cwe": {
"id": "CWE-791",
"name": "Incomplete Filtering of Special Elements"
},
"discovery_date": "2026-03-07T16:01:40.949207+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445480"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Backstage. The backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an mkdocs.yml file that causes arbitrary Python code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "backstage/plugin-techdocs-node: TechDocs Mkdocs configuration key enables arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs commit access to a repository that Backstage is configured to track and build in order to introduce a malicious mkdocs.yml file into the TechDocs build pipeline. Additionally, an attacker can execute arbitrary Python code but the payload is confined by the permissions granted to the TechDocs build process which is typically a restricted service account, limiting the impact of this vulnerability. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29186"
},
{
"category": "external",
"summary": "RHBZ#2445480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445480"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29186"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-928r-fm4v-mvrw",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-928r-fm4v-mvrw"
}
],
"release_date": "2026-03-07T15:03:51.422000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "To mitigate this issue, enable docker isolation by updating the Backstage configuration to use \u0027runIn: docker\u0027 instead of \u0027runIn: local\u0027, confining the arbitrary Python code execution to a containerized environment. Additionally, limit commit access to repositories tracked by Backstage to trusted contributors only, and enforce mandatory pull request (PR) reviews for any modifications made to the mkdocs.yml file.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "backstage/plugin-techdocs-node: TechDocs Mkdocs configuration key enables arbitrary code execution"
},
{
"cve": "CVE-2026-32141",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T19:01:30.987208+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447083"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the flatted npm library. flatted\u0027s parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatted: flatted: Unbounded recursion DoS in parse() revive phase",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "RHBZ#2447083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606",
"url": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/pull/88",
"url": "https://github.com/WebReflection/flatted/pull/88"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f",
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f"
}
],
"release_date": "2026-03-12T18:08:09.634000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "flatted: flatted: Unbounded recursion DoS in parse() revive phase"
},
{
"cve": "CVE-2026-33036",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-20T06:02:18.306021+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by supplying specially crafted XML input containing numeric character references or standard XML entities. This input can bypass configured entity expansion limits, leading to excessive memory allocation and high CPU usage. The primary consequence is a Denial of Service (DoS), which can crash the affected process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33036"
},
{
"category": "external",
"summary": "RHBZ#2449458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33036"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.6",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.6"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-8gc5-j5rx-235r",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-8gc5-j5rx-235r"
}
],
"release_date": "2026-03-20T05:17:03.290000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass"
},
{
"cve": "CVE-2026-33228",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-21T00:01:43.424803+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in flatted, a JavaScript Object Notation (JSON) parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse() function in flatted fails to properly validate string values used as array index keys, allowing an attacker to manipulate internal JavaScript object prototypes. This prototype pollution can enable an attacker to execute arbitrary code or cause a denial of service, impacting the availability and integrity of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Critical vulnerability was discovered in \u0027flatted\u0027, a JavaScript JSON parser. It could enable a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Exploitation involves prototype pollution by providing a specially crafted JSON input. Red Hat products that process un-trusted JSON data and utilize the \u0027flatted\u0027 library are at risk if they do not properly sanitize input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33228"
},
{
"category": "external",
"summary": "RHBZ#2449872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33228"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802",
"url": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2",
"url": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh",
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh"
}
],
"release_date": "2026-03-20T23:06:48.485000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON."
},
{
"cve": "CVE-2026-33891",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-03-27T21:01:34.410210+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service (DoS). When the BigInteger.modInverse() function is called with a zero value, it enters an infinite loop, causing the process to hang indefinitely and consume 100% of the CPU resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33891"
},
{
"category": "external",
"summary": "RHBZ#2452450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33891",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33891"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023",
"url": "https://github.com/digitalbazaar/forge/commit/9bb8d67b99d17e4ebb5fd7596cd699e11f25d023"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx"
}
],
"release_date": "2026-03-27T20:43:37.725000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-33895",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:18.484291+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452457"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript library used for Transport Layer Security (TLS). The library\u0027s Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could exploit this signature malleability to bypass authentication and authorization logic. This vulnerability can also circumvent security checks in applications that rely on the uniqueness of cryptographic signatures for functions such as deduplication or preventing replay attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33895"
},
{
"category": "external",
"summary": "RHBZ#2452457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33895"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc8032#section-8.4",
"url": "https://datatracker.ietf.org/doc/html/rfc8032#section-8.4"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85",
"url": "https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw"
}
],
"release_date": "2026-03-27T20:47:54.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures"
},
{
"cve": "CVE-2026-33896",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-27T21:02:22.762233+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also known as node-forge), a JavaScript implementation of Transport Layer Security (TLS). The `pki.verifyCertificateChain()` function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extensions to enable any leaf certificate to function as a Certificate Authority (CA) and sign other certificates. Consequently, node-forge could accept these unauthorized certificates as valid, potentially leading to spoofing or the issuance of illegitimate certificates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33896"
},
{
"category": "external",
"summary": "RHBZ#2452458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33896"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33896",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33896"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90",
"url": "https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25"
}
],
"release_date": "2026-03-27T20:50:03.418000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance"
},
{
"cve": "CVE-2026-39983",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-04-09T18:02:16.209487+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456971"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed (CRLF) sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple commands. Such command injection can lead to the execution of arbitrary commands, potentially compromising the integrity and availability of data or the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "basic-ftp: basic-ftp: Command injection via CRLF sequences in file path parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39983"
},
{
"category": "external",
"summary": "RHBZ#2456971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456971"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39983",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39983"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39983",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39983"
},
{
"category": "external",
"summary": "https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b",
"url": "https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b"
},
{
"category": "external",
"summary": "https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.2.1",
"url": "https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.2.1"
},
{
"category": "external",
"summary": "https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q",
"url": "https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q"
}
],
"release_date": "2026-04-09T17:05:46.228000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "basic-ftp: basic-ftp: Command injection via CRLF sequences in file path parameters"
},
{
"cve": "CVE-2026-40175",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-10T20:02:10.296601+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific \"Gadget\" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote code execution or a full cloud compromise, such as bypassing AWS IMDSv2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Remote Code Execution via Prototype Pollution escalation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Axios library, a promise-based HTTP client, is susceptible to an Important prototype pollution vulnerability. This flaw, when combined with specific \"Gadget\" attack chains in third-party dependencies, can lead to remote code execution or full cloud compromise, including bypassing AWS IMDSv2.\n \nWith pollution check patch available in Axios gives an advantage, it remains vulnerable due to HTTP Header Sanitation and Server-Side Request Forgery threat.\n\nRed Hat products that incorporate the vulnerable Axios library are affected.\n\nThe openshift4/ose-monitoring-plugin-rhel9 container image is not vulnerable to this flaw. The affected component is used as a build-time dependency but it\u0027s not shipped in the final product, meaning the flaw is not present thus cannot be exploited in the container deployments.\n\nRegarding openshift4/ose-console for Product stream 4.12 and 4.13, the vulnerable component is present (indirect dependency), but the vulnerability is not exploitable in our case due to the browser runtime, where the required Node.js-specific attack vectors are not available. With this, the impact becomes low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40175"
},
{
"category": "external",
"summary": "RHBZ#2457432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1",
"url": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10660",
"url": "https://github.com/axios/axios/pull/10660"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx",
"url": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx"
}
],
"release_date": "2026-04-10T19:23:52.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T14:56:38+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:bb763e2b7a9d101f73b03b9e1c5688e7034fd9d31413e890817bd4098a7d42f9_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b40f228ed49b81e675763d0bb1e38e7a45c45eef8003237abfbddbfb952bb331_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:f09d63af77eec6b131067a08b1bd3a8c7673f9e68325bfde1ae081f85d73598c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Remote Code Execution via Prototype Pollution escalation"
}
]
}
WID-SEC-W-2026-0778
Vulnerability from csaf_certbund - Published: 2026-03-18 23:00 - Updated: 2026-05-11 22:00Summary
Dell Secure Connect Gateway Policy Manager: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Dell Secure Connect Gateway ist eine Softwarelösung, die als sicherer, zentralisierter Punkt für die Verwaltung des Fernzugriffs und des Supports für Hardware und Software von Dell Technologies dient.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway Policy Manager ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell ECS 3.8.1.0-3.8.1.7
Dell / ECS
|
cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7
|
3.8.1.0-3.8.1.7 | |
|
Dell Secure Connect Gateway Policy Manager <5.34.00.14
Dell / Secure Connect Gateway
|
Policy Manager <5.34.00.14 | ||
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dell Secure Connect Gateway ist eine Softwarel\u00f6sung, die als sicherer, zentralisierter Punkt f\u00fcr die Verwaltung des Fernzugriffs und des Supports f\u00fcr Hardware und Software von Dell Technologies dient.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Dell Secure Connect Gateway Policy Manager ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0778 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0778.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0778 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0778"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-120 vom 2026-03-18",
"url": "https://www.dell.com/support/kbdoc/de-de/000441138/dsa-2026-120-security-update-for-dell-secure-connect-gateway-policy-manager-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "Dell Security Advisory",
"url": "https://www.dell.com/support/kbdoc/en-us/000462117/dsa-2026-047-security-update-for-dell-ecs-and-objectscale-multiple-vulnerabilities-1"
}
],
"source_lang": "en-US",
"title": "Dell Secure Connect Gateway Policy Manager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-11T22:00:00.000+00:00",
"generator": {
"date": "2026-05-12T08:12:31.865+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0778",
"initial_release_date": "2026-03-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.8.1.0-3.8.1.7",
"product": {
"name": "Dell ECS 3.8.1.0-3.8.1.7",
"product_id": "T053778",
"product_identification_helper": {
"cpe": "cpe:/h:dell:ecs:3.8.1.0_-_3.8.1.7"
}
}
}
],
"category": "product_name",
"name": "ECS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Policy Manager \u003c5.34.00.14",
"product": {
"name": "Dell Secure Connect Gateway Policy Manager \u003c5.34.00.14",
"product_id": "T051894"
}
},
{
"category": "product_version",
"name": "Policy Manager 5.34.00.14",
"product": {
"name": "Dell Secure Connect Gateway Policy Manager 5.34.00.14",
"product_id": "T051894-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:policy_manager__5.34.00.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-8991",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2014-8991"
},
{
"cve": "CVE-2015-2296",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2015-2296"
},
{
"cve": "CVE-2019-6778",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2019-6778"
},
{
"cve": "CVE-2020-10756",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2020-10756"
},
{
"cve": "CVE-2020-13645",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2020-13645"
},
{
"cve": "CVE-2020-1983",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2020-1983"
},
{
"cve": "CVE-2020-24455",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2020-24455"
},
{
"cve": "CVE-2020-25219",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2020-25219"
},
{
"cve": "CVE-2020-26154",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2020-26154"
},
{
"cve": "CVE-2020-29130",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2020-29130"
},
{
"cve": "CVE-2021-3592",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2021-3592"
},
{
"cve": "CVE-2021-3593",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2021-3593"
},
{
"cve": "CVE-2021-3594",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2021-3594"
},
{
"cve": "CVE-2021-3595",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2021-3595"
},
{
"cve": "CVE-2022-40897",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2022-40897"
},
{
"cve": "CVE-2023-22745",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2023-22745"
},
{
"cve": "CVE-2023-5752",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2023-5752"
},
{
"cve": "CVE-2024-25621",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2024-25621"
},
{
"cve": "CVE-2024-29040",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2024-29040"
},
{
"cve": "CVE-2024-6345",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2024-6345"
},
{
"cve": "CVE-2025-10911",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-10911"
},
{
"cve": "CVE-2025-11226",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-11226"
},
{
"cve": "CVE-2025-11468",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-11468"
},
{
"cve": "CVE-2025-11563",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-11563"
},
{
"cve": "CVE-2025-11731",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-11731"
},
{
"cve": "CVE-2025-12084",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-12084"
},
{
"cve": "CVE-2025-12781",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-12781"
},
{
"cve": "CVE-2025-1352",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-1352"
},
{
"cve": "CVE-2025-13601",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-13601"
},
{
"cve": "CVE-2025-1372",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-1372"
},
{
"cve": "CVE-2025-1376",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-1376"
},
{
"cve": "CVE-2025-1377",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-1377"
},
{
"cve": "CVE-2025-13836",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-13836"
},
{
"cve": "CVE-2025-13837",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-13837"
},
{
"cve": "CVE-2025-14087",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-14087"
},
{
"cve": "CVE-2025-14512",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-14512"
},
{
"cve": "CVE-2025-15281",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15281"
},
{
"cve": "CVE-2025-15282",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15282"
},
{
"cve": "CVE-2025-15366",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15366"
},
{
"cve": "CVE-2025-15367",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15367"
},
{
"cve": "CVE-2025-15467",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-24294",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-24294"
},
{
"cve": "CVE-2025-28162",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-28162"
},
{
"cve": "CVE-2025-28164",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-28164"
},
{
"cve": "CVE-2025-31133",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-3576",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-3576"
},
{
"cve": "CVE-2025-47273",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-47273"
},
{
"cve": "CVE-2025-52565",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-53057",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-53057"
},
{
"cve": "CVE-2025-53666",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-53666"
},
{
"cve": "CVE-2025-54770",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-54770"
},
{
"cve": "CVE-2025-54771",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-54771"
},
{
"cve": "CVE-2025-54798",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-54798"
},
{
"cve": "CVE-2025-55752",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-55752"
},
{
"cve": "CVE-2025-59375",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-6075",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-6075"
},
{
"cve": "CVE-2025-61661",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-61661"
},
{
"cve": "CVE-2025-61662",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-61662"
},
{
"cve": "CVE-2025-61663",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-61663"
},
{
"cve": "CVE-2025-61664",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-61664"
},
{
"cve": "CVE-2025-61748",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-61748"
},
{
"cve": "CVE-2025-61795",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-61984",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-61984"
},
{
"cve": "CVE-2025-61985",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-61985"
},
{
"cve": "CVE-2025-64329",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-64329"
},
{
"cve": "CVE-2025-64505",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-64756",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-64756"
},
{
"cve": "CVE-2025-65018",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66035",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66035"
},
{
"cve": "CVE-2025-66293",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66293"
},
{
"cve": "CVE-2025-66412",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66412"
},
{
"cve": "CVE-2025-66614",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-66614"
},
{
"cve": "CVE-2025-67721",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-67721"
},
{
"cve": "CVE-2025-68160",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-68160"
},
{
"cve": "CVE-2025-68973",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-68973"
},
{
"cve": "CVE-2025-69418",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-69418"
},
{
"cve": "CVE-2025-69419",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-69419"
},
{
"cve": "CVE-2025-69420",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-69420"
},
{
"cve": "CVE-2025-69421",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-69421"
},
{
"cve": "CVE-2025-69873",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-69873"
},
{
"cve": "CVE-2025-7039",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-7039"
},
{
"cve": "CVE-2025-8291",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-8291"
},
{
"cve": "CVE-2025-9187",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-9187"
},
{
"cve": "CVE-2025-9820",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2025-9820"
},
{
"cve": "CVE-2026-0672",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-0672"
},
{
"cve": "CVE-2026-0861",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-0861"
},
{
"cve": "CVE-2026-0865",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-0865"
},
{
"cve": "CVE-2026-0915",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-0915"
},
{
"cve": "CVE-2026-0988",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-0988"
},
{
"cve": "CVE-2026-1484",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-1484"
},
{
"cve": "CVE-2026-1485",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-1485"
},
{
"cve": "CVE-2026-1489",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-1489"
},
{
"cve": "CVE-2026-22610",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-22610"
},
{
"cve": "CVE-2026-22695",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-22695"
},
{
"cve": "CVE-2026-22795",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-22795"
},
{
"cve": "CVE-2026-22796",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-22796"
},
{
"cve": "CVE-2026-22801",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-22801"
},
{
"cve": "CVE-2026-24734",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-24734"
},
{
"cve": "CVE-2026-24882",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-24882"
},
{
"cve": "CVE-2026-25646",
"product_status": {
"known_affected": [
"T053778",
"T051894",
"T052048"
]
},
"release_date": "2026-03-18T23:00:00.000+00:00",
"title": "CVE-2026-25646"
}
]
}
WID-SEC-W-2026-0935
Vulnerability from csaf_certbund - Published: 2026-03-31 22:00 - Updated: 2026-06-16 22:00Summary
Red Hat Ansible Automation Platform: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform für die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial of Service Angriff durchzuführen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder Cross-Site-Scripting-Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Red Hat OpenShift Network Observability 1.11.2
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:network_observability_1.11.2
|
Network Observability 1.11.2 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.64
Red Hat / OpenShift
|
Container Platform <4.15.64 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
Red Hat OpenShift Migration Toolkit for Containers
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:migration_toolkit_for_containers
|
Migration Toolkit for Containers | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Ansible Automation Platform <2.5
Red Hat / Ansible Automation Platform
|
<2.5 | ||
|
Red Hat Ansible Automation Platform <2.6
Red Hat / Ansible Automation Platform
|
<2.6 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Ansible Automation Platform 2.5
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.5
|
2.5 | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— |
References
72 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0935 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0935.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0935 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0935"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-03-31",
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-03-31",
"url": "https://access.redhat.com/errata/RHSA-2026:6309"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6404 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6404"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6278 vom 2026-04-01",
"url": "https://access.redhat.com/errata/RHSA-2026:6278"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3215 vom 2026-04-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3215.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20929-1 vom 2026-04-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025088.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5910 vom 2026-04-02",
"url": "https://access.redhat.com/errata/RHSA-2026:5910"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21021-1 vom 2026-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025209.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8218 vom 2026-04-15",
"url": "https://access.redhat.com/errata/RHSA-2026:8218"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7269544 vom 2026-04-15",
"url": "https://www.ibm.com/support/pages/node/7269544"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8490 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8490"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:8437 vom 2026-04-16",
"url": "https://access.redhat.com/errata/RHSA-2026:8437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10184 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10093 vom 2026-04-29",
"url": "https://access.redhat.com/errata/RHSA-2026:10093"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:12176 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:12176"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11916 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11856 vom 2026-04-29",
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-12176 vom 2026-05-01",
"url": "http://linux.oracle.com/errata/ELSA-2026-12176.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13553 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13553"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13508 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13508"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13512 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13512"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13545 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13826 vom 2026-05-05",
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13917 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:13917"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13916 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:13916"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13672 vom 2026-05-06",
"url": "https://errata.build.resf.org/RLSA-2026:13672"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13902 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:13902"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13916 vom 2026-05-07",
"url": "http://linux.oracle.com/errata/ELSA-2026-13916.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13902 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13902"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14020 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:14020"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13917 vom 2026-05-07",
"url": "http://linux.oracle.com/errata/ELSA-2026-13917.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-85B819B928 vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-85b819b928"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13916 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14873 vom 2026-05-07",
"url": "https://access.redhat.com/errata/RHSA-2026:14873"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14874 vom 2026-05-07",
"url": "https://access.redhat.com/errata/RHSA-2026:14874"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13902 vom 2026-05-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-13902.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-301CBBE347 vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-301cbbe347"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-793B55138D vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-793b55138d"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13917 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13917"
},
{
"category": "external",
"summary": "HCL Security Bulletin",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0130587"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4579 vom 2026-05-11",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00023.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:16535 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:15091 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14774 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17083 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:17083"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:16874 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273312 vom 2026-05-18",
"url": "https://www.ibm.com/support/pages/node/7273312"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19138 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19138"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19355 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19355"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19375 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19712 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20588 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:20588"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21431 vom 2026-05-28",
"url": "https://access.redhat.com/errata/RHSA-2026:21431"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21517 vom 2026-05-28",
"url": "https://access.redhat.com/errata/RHSA-2026:21517"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22131 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22131"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22134 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22134"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22135 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22135"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22133 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22133"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22132 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22132"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22330 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22330"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22465 vom 2026-06-02",
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22970 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:22970"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22969 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:22969"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22987 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:22987"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24761 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24977 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24762 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:25041 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:25041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26214 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26211 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26211"
}
],
"source_lang": "en-US",
"title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T09:00:13.440+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0935",
"initial_release_date": "2026-03-31T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-31T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat, Amazon und SUSE aufgenommen"
},
{
"date": "2026-04-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-14T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-16T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-28T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux, Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Fedora, Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-05-10T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-05-12T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-09T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "WebUI",
"product": {
"name": "HCL BigFix WebUI",
"product_id": "T036098",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T051349",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "T048379",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.5",
"product": {
"name": "Red Hat Ansible Automation Platform 2.5",
"product_id": "10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.5"
}
}
},
{
"category": "product_version",
"name": "2.6",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6",
"product_id": "849D5C3D-731E-4D19-801F-338FD159A1BB",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.5",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.5",
"product_id": "T052317"
}
},
{
"category": "product_version",
"name": "2.5",
"product": {
"name": "Red Hat Ansible Automation Platform 2.5",
"product_id": "T052317-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.6",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.6",
"product_id": "T052318"
}
},
{
"category": "product_version",
"name": "2.6",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6",
"product_id": "T052318-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6"
}
}
}
],
"category": "product_name",
"name": "Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "10.0 Extended Update Support",
"product": {
"name": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"product_id": "T054024",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0_extended_update_support"
}
}
},
{
"category": "product_version",
"name": "8.8",
"product": {
"name": "Red Hat Enterprise Linux 8.8",
"product_id": "T054696",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8.8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.64",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.64",
"product_id": "T054018"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.64",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.64",
"product_id": "T054018-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.64"
}
}
},
{
"category": "product_version",
"name": "Network Observability 1.11.2",
"product": {
"name": "Red Hat OpenShift Network Observability 1.11.2",
"product_id": "T054021",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:network_observability_1.11.2"
}
}
},
{
"category": "product_version",
"name": "Migration Toolkit for Containers",
"product": {
"name": "Red Hat OpenShift Migration Toolkit for Containers",
"product_id": "T055205",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:migration_toolkit_for_containers"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-69223",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2025-69223"
},
{
"cve": "CVE-2025-69873",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2025-69873"
},
{
"cve": "CVE-2026-25639",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-25639"
},
{
"cve": "CVE-2026-25990",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-25990"
},
{
"cve": "CVE-2026-29074",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-29074"
},
{
"cve": "CVE-2026-30827",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-30827"
},
{
"cve": "CVE-2026-30922",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-30922"
},
{
"cve": "CVE-2026-26007",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-26007"
},
{
"cve": "CVE-2026-1615",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-28498",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-28498"
},
{
"cve": "CVE-2026-28802",
"product_status": {
"known_affected": [
"T054024",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T054021",
"67646",
"T054018",
"T004914",
"T036098",
"T055205",
"T032255",
"74185",
"T054696",
"2951",
"T002207",
"T051349",
"T052317",
"T052318",
"398363",
"10155A9C-C5B0-4BB2-ABA3-E04187E2E74F",
"T048379"
]
},
"release_date": "2026-03-31T22:00:00.000+00:00",
"title": "CVE-2026-28802"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…