Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-7783 (GCVE-0-2025-7783)
Vulnerability from cvelistv5 – Published: 2025-07-18 16:34 – Updated: 2025-11-03 20:07- CWE-330 - Use of Insufficiently Random Values
| URL | Tags |
|---|---|
| https://github.com/form-data/form-data/security/a… | third-party-advisory |
| https://github.com/form-data/form-data/commit/3d1… | patch |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7783",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T14:54:27.721309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T14:54:31.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:41.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://npmjs.com/form-data",
"defaultStatus": "unaffected",
"packageName": "form-data",
"programFiles": [
"lib/form_data.js"
],
"repo": "https://github.com/form-data/form-data",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.4",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0 - 3.0.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.0.0 - 4.0.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "https://github.com/benweissmann"
},
{
"lang": "en",
"type": "remediation developer",
"value": "https://github.com/benweissmann"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "https://github.com/ljharb"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/form_data.Js\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects form-data: \u0026lt; 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\u003c/p\u003e"
}
],
"value": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3."
}
],
"impacts": [
{
"capecId": "CAPEC-460",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-460 HTTP Parameter Pollution (HPP)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T16:34:44.889Z",
"orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"shortName": "harborist"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
},
{
"tags": [
"patch"
],
"url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Usage of unsafe random function in form-data for choosing boundary",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"assignerShortName": "harborist",
"cveId": "CVE-2025-7783",
"datePublished": "2025-07-18T16:34:44.889Z",
"dateReserved": "2025-07-18T04:34:56.939Z",
"dateUpdated": "2025-11-03T20:07:41.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-7783",
"date": "2026-07-14",
"epss": "0.01735",
"percentile": "0.75014"
},
"microsoft_vex": {
"current_release_date": "2026-02-18T02:22:31.000Z",
"cve": "CVE-2025-7783",
"id": "msrc_CVE-2025-7783",
"initial_release_date": "2025-07-02T00:00:00.000Z",
"product_status:known_not_affected": "3",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Usage of unsafe random function in form-data for choosing boundary",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-7783.json",
"version": "2"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-7783\",\"sourceIdentifier\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"published\":\"2025-07-18T17:15:44.747\",\"lastModified\":\"2026-06-17T10:05:39.033\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\\n\\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de uso de valores insuficientemente aleatorios en form-data permite la contaminaci\u00f3n de par\u00e1metros HTTP (HPP). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa lib/form_data.Js. Este problema afecta a form-data: \u0026lt; 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\"}],\"affected\":[{\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"affectedData\":[{\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://npmjs.com/form-data\",\"packageName\":\"form-data\",\"programFiles\":[\"lib/form_data.js\"],\"repo\":\"https://github.com/form-data/form-data\",\"versions\":[{\"version\":\"\u003c 2.5.4\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.0.0 - 3.0.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.0.0 - 4.0.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-07-22T14:54:27.721309Z\",\"id\":\"CVE-2025-7783\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"references\":[{\"url\":\"https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0\",\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\"},{\"url\":\"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4\",\"source\":\"7ffcee3d-2c14-4c3e-b844-86c6a321a158\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-07-09T23:23:19+00:00",
"cve": "CVE-2025-7783",
"id": "CVE-2025-7783",
"initial_release_date": "2025-07-18T16:34:44.889000+00:00",
"product_status:fixed": "195",
"product_status:known_affected": "72",
"product_status:known_not_affected": "995",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "form-data: Unsafe random function in form-data",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7783.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:07:41.307Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-7783\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-22T14:54:27.721309Z\"}}}], \"references\": [{\"url\": \"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-22T14:54:21.354Z\"}}], \"cna\": {\"title\": \"Usage of unsafe random function in form-data for choosing boundary\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"https://github.com/benweissmann\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"https://github.com/benweissmann\"}, {\"lang\": \"en\", \"type\": \"remediation reviewer\", \"value\": \"https://github.com/ljharb\"}], \"impacts\": [{\"capecId\": \"CAPEC-460\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-460 HTTP Parameter Pollution (HPP)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.4, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/form-data/form-data\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.5.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0 - 3.0.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.0.0 - 4.0.3\", \"versionType\": \"semver\"}], \"packageName\": \"form-data\", \"programFiles\": [\"lib/form_data.js\"], \"collectionURL\": \"https://npmjs.com/form-data\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\\n\\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/form_data.Js\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects form-data: \u0026lt; 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330 Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"7ffcee3d-2c14-4c3e-b844-86c6a321a158\", \"shortName\": \"harborist\", \"dateUpdated\": \"2025-07-18T16:34:44.889Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-7783\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:07:41.307Z\", \"dateReserved\": \"2025-07-18T04:34:56.939Z\", \"assignerOrgId\": \"7ffcee3d-2c14-4c3e-b844-86c6a321a158\", \"datePublished\": \"2025-07-18T16:34:44.889Z\", \"assignerShortName\": \"harborist\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:3406
Vulnerability from csaf_redhat - Published: 2026-02-26 07:14 - Updated: 2026-07-14 18:03A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
A vulnerability was found in runc. A malicious attacker may create empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files will not be truncated.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
A flaw was found in the golang-jwt package. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they can miss the embedded `jwt.ErrTokenSignatureInvalid`, and thus, potentially accept invalid tokens.
CWE-755 - Improper Handling of Exceptional Conditions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects: - In browser and non-secure, the code infinite loops on while (size--) - In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] & 63 -> undefined & 63 -> 0 - If the first call in node is a fractional argument, the initial buffer allocation fails with an error The highest impact of this issue system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
Workaround
|
A vulnerability related to predictable random number generation has been discovered in the form-data JavaScript library. The library utilizes Math.random() to determine boundary values for multipart form-encoded data. This presents a security risk if an attacker can observe other values generated by Math.random() within the target application and simultaneously control at least one field of a request made using form-data. Under these conditions, the attacker could potentially predict or determine the boundary values. This predictability could be leveraged to bypass security controls, manipulate form data, or potentially lead to data integrity issues or other forms of exploitation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
Workaround
|
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
Workaround
|
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
Workaround
|
A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
Workaround
|
A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This vulnerability stems from a failure to constrain the redirect target.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
Workaround
|
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 9.0.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3406",
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-23358",
"url": "https://access.redhat.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-51744",
"url": "https://access.redhat.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14104",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-26791",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6176",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7783",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762"
},
{
"category": "external",
"summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369"
},
{
"category": "external",
"summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHCEPH-12073",
"url": "https://issues.redhat.com/browse/RHCEPH-12073"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHCEPH-12075",
"url": "https://issues.redhat.com/browse/RHCEPH-12075"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHCEPH-12417",
"url": "https://issues.redhat.com/browse/RHCEPH-12417"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHCEPH-12470",
"url": "https://issues.redhat.com/browse/RHCEPH-12470"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHCEPH-12508",
"url": "https://issues.redhat.com/browse/RHCEPH-12508"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHCEPH-12555",
"url": "https://issues.redhat.com/browse/RHCEPH-12555"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHCEPH-12558",
"url": "https://issues.redhat.com/browse/RHCEPH-12558"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHCEPH-12577",
"url": "https://issues.redhat.com/browse/RHCEPH-12577"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3406.json"
}
],
"title": "Red Hat Security Advisory: New container image: rhceph-9.0",
"tracking": {
"current_release_date": "2026-07-14T18:03:47+00:00",
"generator": {
"date": "2026-07-14T18:03:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:3406",
"initial_release_date": "2026-02-26T07:14:51+00:00",
"revision_history": [
{
"date": "2026-02-26T07:14:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-20T17:26:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T18:03:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 9",
"product": {
"name": "Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:9::el10"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256%3A5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"product": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/alloy-rhel10@sha256%3A731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771398877"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel10@sha256%3A2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-9-rhel9@sha256%3Ad2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771816028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel10@sha256%3A9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399060"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"product": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/alloy-rhel10@sha256%3Ac6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256%3A2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771398877"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel10@sha256%3A6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-9-rhel9@sha256%3A53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771816028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel10@sha256%3Ab8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399060"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/alloy-rhel10@sha256%3A9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256%3Af2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Abbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771398877"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel10@sha256%3A3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-9-rhel9@sha256%3Aca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771816028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel10@sha256%3A1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399060"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"product": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/alloy-rhel10@sha256%3Ae1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399158"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256%3A11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399331"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Acac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771398877"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel10@sha256%3A2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-9-rhel9@sha256%3A8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771816028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel10@sha256%3Aeb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399060"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64"
},
"product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64"
},
"product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x"
},
"product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x as a component of Red Hat Ceph Storage 9",
"product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23358",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944286"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-underscore: Arbitrary code execution via the template function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "RHBZ#1944286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-underscore: Arbitrary code execution via the template function"
},
{
"cve": "CVE-2024-45310",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-09-03T02:38:04.977000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2309336"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in runc. A malicious attacker may create empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files will not be truncated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: runc can be tricked into creating empty files/directories on host",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45310"
},
{
"category": "external",
"summary": "RHBZ#2309336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45310"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45310",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45310"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv"
}
],
"release_date": "2024-09-03T11:17:32.277000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "runc: runc can be tricked into creating empty files/directories on host"
},
{
"cve": "CVE-2024-51744",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"discovery_date": "2024-11-04T22:01:08.655905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt package. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they can miss the embedded `jwt.ErrTokenSignatureInvalid`, and thus, potentially accept invalid tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "RHBZ#2323735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c",
"url": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r"
}
],
"release_date": "2024-11-04T21:47:12.170000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt"
},
{
"cve": "CVE-2024-55565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-12-09T02:00:45.255738+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331063"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n- In browser and non-secure, the code infinite loops on while (size--)\n- In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] \u0026 63 -\u003e undefined \u0026 63 -\u003e 0\n- If the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nThe highest impact of this issue system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: nanoid mishandles non-integer values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "RHBZ#2331063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/pull/510",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
}
],
"release_date": "2024-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: nanoid mishandles non-integer values"
},
{
"cve": "CVE-2025-6176",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-31T01:00:56.408048+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408762"
}
],
"notes": [
{
"category": "description",
"text": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in Scrapy\u0027s brotli decompression implementation allows remote attackers to trigger a denial of service by sending specially crafted brotli-compressed data. This can lead to excessive memory consumption and system instability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "RHBZ#2408762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0",
"url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0"
}
],
"release_date": "2025-10-31T00:00:21.219000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS"
},
{
"cve": "CVE-2025-7783",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-07-18T17:00:43.396637+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2381959"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability related to predictable random number generation has been discovered in the form-data JavaScript library. The library utilizes Math.random() to determine boundary values for multipart form-encoded data.\n\nThis presents a security risk if an attacker can observe other values generated by Math.random() within the target application and simultaneously control at least one field of a request made using form-data. Under these conditions, the attacker could potentially predict or determine the boundary values. This predictability could be leveraged to bypass security controls, manipulate form data, or potentially lead to data integrity issues or other forms of exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: Unsafe random function in form-data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect host systems. The impact of this vulnerability is limited to specific applications which integrate the `form-data` library. As a result the impact of this CVE is limited on RedHat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "RHBZ#2381959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0",
"url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
}
],
"release_date": "2025-07-18T16:34:44.889000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "form-data: Unsafe random function in form-data"
},
{
"cve": "CVE-2025-14104",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-05T14:16:36.004000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419369"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "RHBZ#2419369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104"
}
],
"release_date": "2025-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-26791",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-02-14T09:00:45.578144+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345695"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "RHBZ#2345695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://ensy.zip/posts/dompurify-323-bypass/",
"url": "https://ensy.zip/posts/dompurify-323-bypass/"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
"url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
},
{
"category": "external",
"summary": "https://nsysean.github.io/posts/dompurify-323-bypass/",
"url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
}
],
"release_date": "2025-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling"
},
{
"cve": "CVE-2025-50181",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2025-06-19T02:00:42.866992+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373799"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the urllib3 library where it could be tricked into disclosing the Proxy-Authorization header to a destination server when a CONNECT tunnel is used. An attacker can set up a malicious redirect to a crafted URL, which, when followed by the client application, will cause the Proxy-Authorization header to be sent to the attacker-controlled server. This leaks sensitive credentials for the proxy. The impact is primarily on confidentiality. While urllib3 is a ubiquitous component, the vulnerability requires a specific scenario where a user is connecting to a proxy that requires authentication and is redirected to a malicious endpoint. This lowers the exploitability compared to a direct, unauthenticated remote attack, thus, warranting a Moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50181"
},
{
"category": "external",
"summary": "RHBZ#2373799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857",
"url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"
}
],
"release_date": "2025-06-19T01:08:00.340000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"
},
{
"cve": "CVE-2025-50182",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2025-06-19T02:00:45.813042+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373800"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 does not control redirects in browsers and Node.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability lies in the urllib3 library\u0027s inability to control HTTP redirects when executed within a Pyodide runtime. This can lead to Server-Side Request Forgery (SSRF) attacks, where an attacker can induce the application to make requests to unintended internal or external resources. While urllib3 is a ubiquitous library in the Python ecosystem and is present in many Red Hat products, the vulnerability is specific to its use within the less common Pyodide (Python in a browser) environment. The attack complexity is high as it requires a specific application context where user-supplied input is used to construct a request URL in a Pyodide-based application that also attempts to mitigate SSRF by disabling redirects. The impact is primarily on confidentiality, as a successful exploit could lead to the disclosure of sensitive information from the server\u0027s local network. Given the specific and less common configuration required for exploitation, the severity is rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50182"
},
{
"category": "external",
"summary": "RHBZ#2373800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50182"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f",
"url": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5"
}
],
"release_date": "2025-06-19T01:42:44.921000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3 does not control redirects in browsers and Node.js"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in urllib3\u0027s streaming API that can lead to excessive resource consumption, including high CPU usage and significant memory allocation. When processing highly compressed data from untrusted sources, even small requested chunks can trigger full decompression, posing a denial-of-service risk to client-side applications utilizing affected urllib3 versions prior to 2.6.0.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"known_not_affected": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-26T07:14:51+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3406"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
"Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
}
]
}
SSA-485750
Vulnerability from csaf_siemens - Published: 2026-03-10 00:00 - Updated: 2026-03-10 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIDIS Prime
Siemens / SIDIS Prime
|
vers:intdot/<4.0.800 |
Vendor Fix
|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below.\n\nSiemens has released a new version of SIDIS Prime and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-485750: Multiple Vulnerabilities in SIDIS Prime Before V4.0.800 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
},
{
"category": "self",
"summary": "SSA-485750: Multiple Vulnerabilities in SIDIS Prime Before V4.0.800 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-485750.json"
}
],
"title": "SSA-485750: Multiple Vulnerabilities in SIDIS Prime Before V4.0.800",
"tracking": {
"current_release_date": "2026-03-10T00:00:00.000Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-485750",
"initial_release_date": "2026-03-10T00:00:00.000Z",
"revision_history": [
{
"date": "2026-03-10T00:00:00.000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.0.800",
"product": {
"name": "SIDIS Prime",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SIDIS Prime"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29857",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-29857"
},
{
"cve": "CVE-2024-30171",
"cwe": {
"id": "CWE-203",
"name": "Observable Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-30171"
},
{
"cve": "CVE-2024-30172",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-30172"
},
{
"cve": "CVE-2024-41996",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2024-41996"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "summary",
"text": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-7783",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\r\n\r\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-7783"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-9232",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the \u0027no_proxy\u0027 environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na \u0027no_proxy\u0027 environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-9232"
},
{
"cve": "CVE-2025-9670",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "summary",
"text": "A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-9670"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-436",
"name": "Interpretation Conflict"
},
"notes": [
{
"category": "summary",
"text": "An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-12816"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: \u003c 6.14.1.\n\n\nSummaryThe arrayLimit\u00a0option in qs does not enforce limits for bracket notation (a[]=1\u0026a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit\u00a0for DoS protection are vulnerable.\n\nDetailsThe arrayLimit\u00a0option only checks limits for indexed notation (a[0]=1\u0026a[1]=2) but completely bypasses it for bracket notation (a[]=1\u0026a[]=2).\n\nVulnerable code\u00a0(lib/parse.js:159-162):\n\nif (root === \u0027[]\u0027 \u0026\u0026 options.parseArrays) {\n obj = utils.combine([], leaf); // No arrayLimit check\n}\n\n\n\n\n\nWorking code\u00a0(lib/parse.js:175):\n\nelse if (index \u003c= options.arrayLimit) { // Limit checked here\n obj = [];\n obj[index] = leaf;\n}\n\n\n\n\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf)\u00a0without validating against options.arrayLimit, while indexed notation at line 175 checks index \u003c= options.arrayLimit\u00a0before creating arrays.\n\nPoCTest 1 - Basic bypass:\n\nnpm install qs\n\n\n\n\n\nconst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026a[]=2\u0026a[]=3\u0026a[]=4\u0026a[]=5\u0026a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length); // Output: 6 (should be max 5)\n\n\n\n\n\nTest 2 - DoS demonstration:\n\nconst qs = require(\u0027qs\u0027);\nconst attack = \u0027a[]=\u0027 + Array(10000).fill(\u0027x\u0027).join(\u0027\u0026a[]=\u0027);\nconst result = qs.parse(attack, { arrayLimit: 100 });\nconsole.log(result.a.length); // Output: 10000 (should be max 100)\n\n\n\n\n\nConfiguration:\n\n * arrayLimit: 5\u00a0(test 1) or arrayLimit: 100\u00a0(test 2)\n * Use bracket notation: a[]=value\u00a0(not indexed a[0]=value)\n\n\nImpactDenial of Service via memory exhaustion. Affects applications using qs.parse()\u00a0with user-controlled input and arrayLimit\u00a0for protection.\n\nAttack scenario:\n\n * Attacker sends HTTP request: GET /api/search?filters[]=x\u0026filters[]=x\u0026...\u0026filters[]=x\u00a0(100,000+ times)\n * Application parses with qs.parse(query, { arrayLimit: 100 })\n * qs ignores limit, parses all 100,000 elements into array\n * Server memory exhausted \u2192 application crashes or becomes unresponsive\n * Service unavailable for all users\nReal-world impact:\n\n * Single malicious request can crash server\n * No authentication required\n * Easy to automate and scale\n * Affects any endpoint parsing query strings with bracket notation",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-15284"
},
{
"cve": "CVE-2025-58751",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-58751"
},
{
"cve": "CVE-2025-58752",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "summary",
"text": "Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.host config option) and use `appType: \u0027spa\u0027` (default) or `appType: \u0027mpa\u0027` are affected. This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-58752"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "summary",
"text": "Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-58754"
},
{
"cve": "CVE-2025-62522",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended with \\ when the dev server is running on Windows. Only apps explicitly exposing the Vite dev server to the network and running the dev server on Windows were affected. This issue has been patched in versions 5.4.21, 6.4.1, 7.0.8, and 7.1.11.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-62522"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "summary",
"text": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-64756"
},
{
"cve": "CVE-2025-66030",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-66030"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-66031"
},
{
"cve": "CVE-2025-66035",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "summary",
"text": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular\u0027s HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-66035"
},
{
"cve": "CVE-2025-66412",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler\u0027s internal security schema is incomplete, allowing attackers to bypass Angular\u0027s built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-66412"
},
{
"cve": "CVE-2025-69277",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"notes": [
{
"category": "summary",
"text": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2025-69277"
},
{
"cve": "CVE-2026-22610",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular\u2019s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG \u003cscript\u003e elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V4.0.800 or later version",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1"
]
}
],
"title": "CVE-2026-22610"
}
]
}
SUSE-SU-2025:3919-1
Vulnerability from csaf_suse - Published: 2025-11-03 10:32 - Updated: 2025-11-03 10:32| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs18",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs18 fixes the following issues:\n\n - CVE-2025-7783: Switched away from Math.random() in boundary values for multipart form-encoded data (bsc#1246818)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3919,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3919",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3919-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3919-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253919-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3919-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023140.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246818",
"url": "https://bugzilla.suse.com/1246818"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-7783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-7783/"
}
],
"title": "Security update for nodejs18",
"tracking": {
"current_release_date": "2025-11-03T10:32:00Z",
"generator": {
"date": "2025-11-03T10:32:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3919-1",
"initial_release_date": "2025-11-03T10:32:00Z",
"revision_history": [
{
"date": "2025-11-03T10:32:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.aarch64",
"product": {
"name": "corepack18-18.20.8-8.41.1.aarch64",
"product_id": "corepack18-18.20.8-8.41.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.aarch64",
"product": {
"name": "nodejs18-18.20.8-8.41.1.aarch64",
"product_id": "nodejs18-18.20.8-8.41.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.aarch64",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.aarch64",
"product_id": "nodejs18-devel-18.20.8-8.41.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.aarch64",
"product": {
"name": "npm18-18.20.8-8.41.1.aarch64",
"product_id": "npm18-18.20.8-8.41.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.i586",
"product": {
"name": "corepack18-18.20.8-8.41.1.i586",
"product_id": "corepack18-18.20.8-8.41.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.i586",
"product": {
"name": "nodejs18-18.20.8-8.41.1.i586",
"product_id": "nodejs18-18.20.8-8.41.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.i586",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.i586",
"product_id": "nodejs18-devel-18.20.8-8.41.1.i586"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.i586",
"product": {
"name": "npm18-18.20.8-8.41.1.i586",
"product_id": "npm18-18.20.8-8.41.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs18-docs-18.20.8-8.41.1.noarch",
"product": {
"name": "nodejs18-docs-18.20.8-8.41.1.noarch",
"product_id": "nodejs18-docs-18.20.8-8.41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.ppc64le",
"product": {
"name": "corepack18-18.20.8-8.41.1.ppc64le",
"product_id": "corepack18-18.20.8-8.41.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.ppc64le",
"product": {
"name": "nodejs18-18.20.8-8.41.1.ppc64le",
"product_id": "nodejs18-18.20.8-8.41.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.ppc64le",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.ppc64le",
"product_id": "nodejs18-devel-18.20.8-8.41.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.ppc64le",
"product": {
"name": "npm18-18.20.8-8.41.1.ppc64le",
"product_id": "npm18-18.20.8-8.41.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.s390x",
"product": {
"name": "corepack18-18.20.8-8.41.1.s390x",
"product_id": "corepack18-18.20.8-8.41.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.s390x",
"product": {
"name": "nodejs18-18.20.8-8.41.1.s390x",
"product_id": "nodejs18-18.20.8-8.41.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.s390x",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.s390x",
"product_id": "nodejs18-devel-18.20.8-8.41.1.s390x"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.s390x",
"product": {
"name": "npm18-18.20.8-8.41.1.s390x",
"product_id": "npm18-18.20.8-8.41.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.8-8.41.1.x86_64",
"product": {
"name": "corepack18-18.20.8-8.41.1.x86_64",
"product_id": "corepack18-18.20.8-8.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.8-8.41.1.x86_64",
"product": {
"name": "nodejs18-18.20.8-8.41.1.x86_64",
"product_id": "nodejs18-18.20.8-8.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.8-8.41.1.x86_64",
"product": {
"name": "nodejs18-devel-18.20.8-8.41.1.x86_64",
"product_id": "nodejs18-devel-18.20.8-8.41.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.8-8.41.1.x86_64",
"product": {
"name": "npm18-18.20.8-8.41.1.x86_64",
"product_id": "npm18-18.20.8-8.41.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.8-8.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64"
},
"product_reference": "nodejs18-18.20.8-8.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.8-8.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.8-8.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.8-8.41.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.8-8.41.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.8-8.41.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64"
},
"product_reference": "npm18-18.20.8-8.41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-7783"
}
],
"notes": [
{
"category": "general",
"text": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-7783",
"url": "https://www.suse.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "SUSE Bug 1246810 for CVE-2025-7783",
"url": "https://bugzilla.suse.com/1246810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-03T10:32:00Z",
"details": "important"
}
],
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-1854
Vulnerability from csaf_certbund - Published: 2025-08-17 22:00 - Updated: 2025-10-12 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
HCL BigFix
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in HCL BigFix Komponente ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuf\u00fchren, um Daten zu manipulieren, um Informationen offenzulegen, und um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1854 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1854.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1854 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1854"
},
{
"category": "external",
"summary": "HCL Security Bulletin KB0123330 vom 2025-08-17",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123330"
},
{
"category": "external",
"summary": "HCL Security Advisory vom 2025-10-11",
"url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=7e13ad453becfa94cb0155f726e45a99"
}
],
"source_lang": "en-US",
"title": "HCL BigFix Komponente: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-12T22:00:00.000+00:00",
"generator": {
"date": "2025-10-13T08:50:03.918+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1854",
"initial_release_date": "2025-08-17T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-17T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T036098",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui"
}
}
},
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T046294",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3817",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2023-3817"
},
{
"cve": "CVE-2023-5678",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2025-52617",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52617"
},
{
"cve": "CVE-2025-52618",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52618"
},
{
"cve": "CVE-2025-52619",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52619"
},
{
"cve": "CVE-2025-52620",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52620"
},
{
"cve": "CVE-2025-52621",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-52621"
},
{
"cve": "CVE-2025-7338",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-7338"
},
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T046294",
"T036098"
]
},
"release_date": "2025-08-17T22:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-1929
Vulnerability from csaf_certbund - Published: 2025-08-28 22:00 - Updated: 2026-01-25 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
IBM App Connect Enterprise <12.0.12.17
IBM / App Connect Enterprise
|
<12.0.12.17 | ||
|
IBM App Connect Enterprise <13.0.4.2
IBM / App Connect Enterprise
|
<13.0.4.2 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
IBM App Connect Enterprise <12.0.12.17
IBM / App Connect Enterprise
|
<12.0.12.17 | ||
|
IBM App Connect Enterprise <13.0.4.2
IBM / App Connect Enterprise
|
<13.0.4.2 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 Big SQL
IBM / DB2
|
cpe:/a:ibm:db2:big_sql
|
Big SQL | |
|
IBM App Connect Enterprise <12.0.12.17
IBM / App Connect Enterprise
|
<12.0.12.17 | ||
|
IBM App Connect Enterprise <13.0.4.2
IBM / App Connect Enterprise
|
<13.0.4.2 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, um Daten zu manipulieren, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1929 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1929.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1929 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1929"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7243409 vom 2025-08-28",
"url": "https://www.ibm.com/support/pages/node/7243409"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7243688 vom 2025-09-01",
"url": "https://www.ibm.com/support/pages/node/7243688"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7243690 vom 2025-09-01",
"url": "https://www.ibm.com/support/pages/node/7243690"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7245979 vom 2025-09-24",
"url": "https://www.ibm.com/support/pages/node/7245979"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7257916 vom 2026-01-23",
"url": "https://www.ibm.com/support/pages/node/7257916"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-25T23:00:00.000+00:00",
"generator": {
"date": "2026-01-26T09:37:01.702+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-1929",
"initial_release_date": "2025-08-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.17",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.17",
"product_id": "T046460"
}
},
{
"category": "product_version",
"name": "12.0.12.17",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.17",
"product_id": "T046460-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:v12__fix_pack_release_12.0.12.17"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.4.2",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.4.2",
"product_id": "T046621"
}
},
{
"category": "product_version",
"name": "13.0.4.2",
"product": {
"name": "IBM App Connect Enterprise 13.0.4.2",
"product_id": "T046621-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.4.2"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "Big SQL",
"product": {
"name": "IBM DB2 Big SQL",
"product_id": "T022379",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:big_sql"
}
}
}
],
"category": "product_name",
"name": "DB2"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7338",
"product_status": {
"known_affected": [
"T022379",
"T046460",
"T046621",
"T032495"
]
},
"release_date": "2025-08-28T22:00:00.000+00:00",
"title": "CVE-2025-7338"
},
{
"cve": "CVE-2025-7339",
"product_status": {
"known_affected": [
"T022379",
"T046460",
"T046621",
"T032495"
]
},
"release_date": "2025-08-28T22:00:00.000+00:00",
"title": "CVE-2025-7339"
},
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T022379",
"T046460",
"T046621",
"T032495"
]
},
"release_date": "2025-08-28T22:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-2150
Vulnerability from csaf_certbund - Published: 2025-09-29 22:00 - Updated: 2026-02-16 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux RHACS 4.9.0
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:rhacs_4.9.0
|
RHACS 4.9.0 | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
Red Hat Enterprise Linux Developer Hub <1.8.0
Red Hat / Enterprise Linux
|
Developer Hub <1.8.0 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
Red Hat Enterprise Linux RHACS 4.7.7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:rhacs_4.7.7
|
RHACS 4.7.7 | |
|
Red Hat Enterprise Linux RHACS 4.8.5
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:rhacs_4.8.5
|
RHACS 4.8.5 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2150 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2150.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2150 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2150"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-09-29",
"url": "https://access.redhat.com/errata/RHSA-2025:16911"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-09-29",
"url": "https://access.redhat.com/errata/RHSA-2025:16916"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-09-29",
"url": "https://access.redhat.com/errata/RHSA-2025:16918"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18278 vom 2025-10-18",
"url": "https://access.redhat.com/errata/RHSA-2025:18278"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18744 vom 2025-10-21",
"url": "https://access.redhat.com/errata/RHSA-2025:18744"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249661 vom 2025-10-30",
"url": "https://www.ibm.com/support/pages/node/7249661"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19335 vom 2025-10-30",
"url": "https://access.redhat.com/errata/RHSA-2025:19335"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19332 vom 2025-11-03",
"url": "https://access.redhat.com/errata/RHSA-2025:19332"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:20047 vom 2025-11-10",
"url": "https://access.redhat.com/errata/RHSA-2025:20047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21146 vom 2025-11-12",
"url": "https://access.redhat.com/errata/RHSA-2025:21146"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21704 vom 2025-11-18",
"url": "https://access.redhat.com/errata/RHSA-2025:21704"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7251934 vom 2025-11-19",
"url": "https://www.ibm.com/support/pages/node/7251934"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7976-1 vom 2026-01-27",
"url": "https://ubuntu.com/security/notices/USN-7976-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2737 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2026-02-16T23:00:00.000+00:00",
"generator": {
"date": "2026-02-17T09:10:34.099+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2150",
"initial_release_date": "2025-09-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-20T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2025-11-03T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-26T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T043411",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "RHACS 4.9.0",
"product": {
"name": "Red Hat Enterprise Linux RHACS 4.9.0",
"product_id": "T047229",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:rhacs_4.9.0"
}
}
},
{
"category": "product_version",
"name": "RHACS 4.7.7",
"product": {
"name": "Red Hat Enterprise Linux RHACS 4.7.7",
"product_id": "T047230",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:rhacs_4.7.7"
}
}
},
{
"category": "product_version",
"name": "RHACS 4.8.5",
"product": {
"name": "Red Hat Enterprise Linux RHACS 4.8.5",
"product_id": "T047231",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:rhacs_4.8.5"
}
}
},
{
"category": "product_version_range",
"name": "Developer Hub \u003c1.8.0",
"product": {
"name": "Red Hat Enterprise Linux Developer Hub \u003c1.8.0",
"product_id": "T048395"
}
},
{
"category": "product_version",
"name": "Developer Hub 1.8.0",
"product": {
"name": "Red Hat Enterprise Linux Developer Hub 1.8.0",
"product_id": "T048395-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:developer_hub__1.8.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T047229",
"T043411",
"T048395",
"67646",
"T000126",
"T021415",
"T047230",
"T047231"
]
},
"release_date": "2025-09-29T22:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-2165
Vulnerability from csaf_certbund - Published: 2025-09-30 22:00 - Updated: 2025-10-05 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Qlik Sense Enterprise <May 2025 Patch 6
Qlik / Sense
|
Enterprise <May 2025 Patch 6 | ||
|
Qlik Sense Enterprise <November 2024 Patch 18
Qlik / Sense
|
Enterprise <November 2024 Patch 18 | ||
|
Qlik Sense Enterprise <May 2024 Patch 24
Qlik / Sense
|
Enterprise <May 2024 Patch 24 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Qlik Sense ist eine Datenanalyse- und Business-Intelligence-Plattform, mit der Benutzer interaktive Dashboards, Visualisierungen und Berichte erstellen k\u00f6nnen, um Erkenntnisse zu gewinnen und datengest\u00fctzte Entscheidungen zu treffen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Qlik Sense ausnutzen, um Sicherheitsvorkehrungen zu umgehen.\r\nUpdate:\r\nNeuen Informationen von Qlik zufolge kann die Schwachstelle in Qlik Sense nicht ausgenutzt werden",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2165 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2165.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2165 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2165"
},
{
"category": "external",
"summary": "Critical Security Fix vom 2025-09-30",
"url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2532151"
},
{
"category": "external",
"summary": "Qlik Security PAtches vom 2025-09-30",
"url": "https://community.qlik.com/t5/Support-Updates/Qlik-Sense-Enterprise-for-Windows-New-Security-Patches-Available/ba-p/2532152"
}
],
"source_lang": "en-US",
"title": "Qlik Sense: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2025-10-05T22:00:00.000+00:00",
"generator": {
"date": "2025-10-06T09:20:07.713+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2165",
"initial_release_date": "2025-09-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Informationen von Qlik aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Enterprise \u003cMay 2025 Patch 6",
"product": {
"name": "Qlik Sense Enterprise \u003cMay 2025 Patch 6",
"product_id": "T047299"
}
},
{
"category": "product_version",
"name": "Enterprise May 2025 Patch 6",
"product": {
"name": "Qlik Sense Enterprise May 2025 Patch 6",
"product_id": "T047299-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:qlik:qlik_sense:enterprise__may_2025_patch_6"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003cNovember 2024 Patch 18",
"product": {
"name": "Qlik Sense Enterprise \u003cNovember 2024 Patch 18",
"product_id": "T047300"
}
},
{
"category": "product_version",
"name": "Enterprise November 2024 Patch 18",
"product": {
"name": "Qlik Sense Enterprise November 2024 Patch 18",
"product_id": "T047300-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:qlik:qlik_sense:enterprise__november_2024_patch_18"
}
}
},
{
"category": "product_version_range",
"name": "Enterprise \u003cMay 2024 Patch 24",
"product": {
"name": "Qlik Sense Enterprise \u003cMay 2024 Patch 24",
"product_id": "T047301"
}
},
{
"category": "product_version",
"name": "Enterprise May 2024 Patch 24",
"product": {
"name": "Qlik Sense Enterprise May 2024 Patch 24",
"product_id": "T047301-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:qlik:qlik_sense:enterprise__may_2024_patch_24"
}
}
}
],
"category": "product_name",
"name": "Sense"
}
],
"category": "vendor",
"name": "Qlik"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T047299",
"T047300",
"T047301"
]
},
"release_date": "2025-09-30T22:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2025-2424
Vulnerability from csaf_certbund - Published: 2025-10-27 23:00 - Updated: 2025-10-28 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Team Concert <2.1.0
IBM / Rational Team Concert
|
<2.1.0 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Rational Team Concert ist ein Kollaborationstool zur Software Entwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Rational Team Concert ausnutzen, um einen Denial-of-Service-Angriff durchzuf\u00fchren, Eingaben oder Protokolle zu manipulieren, die Authentifizierung zu umgehen, beliebigen Code auszuf\u00fchren, Cross-Site-Scripting durchzuf\u00fchren, sensible Informationen offenzulegen oder offene Weiterleitungen auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2424 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2424.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2424 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2424"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-10-27",
"url": "https://www.ibm.com/support/pages/node/7249356"
}
],
"source_lang": "en-US",
"title": "IBM Rational Team Concert: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-28T23:00:00.000+00:00",
"generator": {
"date": "2025-10-29T07:03:32.478+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2424",
"initial_release_date": "2025-10-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-28T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-36531, EUVD-2025-36533, EUVD-2025-36532"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.1.0",
"product": {
"name": "IBM Rational Team Concert \u003c2.1.0",
"product_id": "T048164"
}
},
{
"category": "product_version",
"name": "2.1.0",
"product": {
"name": "IBM Rational Team Concert 2.1.0",
"product_id": "T048164-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_team_concert:2.1.0"
}
}
}
],
"category": "product_name",
"name": "Rational Team Concert"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23337",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2024-23337"
},
{
"cve": "CVE-2024-33531",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2024-33531"
},
{
"cve": "CVE-2025-22874",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-22874"
},
{
"cve": "CVE-2025-32379",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-32379"
},
{
"cve": "CVE-2025-36081",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-36081"
},
{
"cve": "CVE-2025-36083",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-36083"
},
{
"cve": "CVE-2025-36085",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-36085"
},
{
"cve": "CVE-2025-45768",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-45768"
},
{
"cve": "CVE-2025-48060",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-48060"
},
{
"cve": "CVE-2025-50181",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-50181"
},
{
"cve": "CVE-2025-50182",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-50182"
},
{
"cve": "CVE-2025-53547",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-53547"
},
{
"cve": "CVE-2025-7338",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-7338"
},
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-7783"
},
{
"cve": "CVE-2025-9288",
"product_status": {
"known_affected": [
"T048164"
]
},
"release_date": "2025-10-27T23:00:00.000+00:00",
"title": "CVE-2025-9288"
}
]
}
WID-SEC-W-2026-0204
Vulnerability from csaf_certbund - Published: 2026-01-22 23:00 - Updated: 2026-01-22 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 Big SQL <8.2.1
IBM / DB2
|
Big SQL <8.2.1 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM DB2 Big SQ ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0204 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0204.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0204 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0204"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-01-22",
"url": "https://www.ibm.com/support/pages/node/7257889"
}
],
"source_lang": "en-US",
"title": "IBM DB2 Big SQL: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2026-01-22T23:00:00.000+00:00",
"generator": {
"date": "2026-01-23T12:46:13.464+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0204",
"initial_release_date": "2026-01-22T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Big SQL \u003c8.2.1",
"product": {
"name": "IBM DB2 Big SQL \u003c8.2.1",
"product_id": "T050281"
}
},
{
"category": "product_version",
"name": "Big SQL 8.2.1",
"product": {
"name": "IBM DB2 Big SQL 8.2.1",
"product_id": "T050281-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:big_sql__8.2.1"
}
}
}
],
"category": "product_name",
"name": "DB2"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T050281"
]
},
"release_date": "2026-01-22T23:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2026-0559
Vulnerability from csaf_certbund - Published: 2026-03-01 23:00 - Updated: 2026-03-01 23:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Rational Build Forge <8.0.0.29
IBM / Rational Build Forge
|
<8.0.0.29 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Rational Build Forge ist ein Framework zur Automatisierung und Standardisierung des Softwareerstellungsprozesses",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Rational Build Forge ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, und um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0559 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0559.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0559 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0559"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262249 vom 2026-03-01",
"url": "https://www.ibm.com/support/pages/node/7262249"
}
],
"source_lang": "en-US",
"title": "IBM Rational Build Forge: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-01T23:00:00.000+00:00",
"generator": {
"date": "2026-03-02T11:27:19.791+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0559",
"initial_release_date": "2026-03-01T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-01T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.0.29",
"product": {
"name": "IBM Rational Build Forge \u003c8.0.0.29",
"product_id": "T051329"
}
},
{
"category": "product_version",
"name": "8.0.0.29",
"product": {
"name": "IBM Rational Build Forge 8.0.0.29",
"product_id": "T051329-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.29"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25031",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2018-25031"
},
{
"cve": "CVE-2019-17495",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2019-17495"
},
{
"cve": "CVE-2021-22060",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2021-22060"
},
{
"cve": "CVE-2021-22096",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2021-22096"
},
{
"cve": "CVE-2022-22968",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2022-22968"
},
{
"cve": "CVE-2022-22970",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2022-22970"
},
{
"cve": "CVE-2024-38820",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38828",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2024-38828"
},
{
"cve": "CVE-2025-41248",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-53057",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-53057"
},
{
"cve": "CVE-2025-53066",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-53066"
},
{
"cve": "CVE-2025-58754",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-58754"
},
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.